Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/26602?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "type": "pypi", "namespace": "", "name": "tensorflow-gpu", "version": "2.7.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102271?format=api", "vulnerability_id": "VCID-1b48-dfec-4ycn", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35042", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35114", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35152", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41907" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41907" }, { "reference_url": "https://github.com/advisories/GHSA-368v-7v32-52fx", "reference_id": "GHSA-368v-7v32-52fx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-368v-7v32-52fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41907", "GHSA-368v-7v32-52fx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b48-dfec-4ycn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44733?format=api", "vulnerability_id": "VCID-1jte-hpg7-gydx", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669" }, { "reference_url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25669", "GHSA-rcf8-g8jv-vg6p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102274?format=api", "vulnerability_id": "VCID-1xee-v43t-c7c4", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55649", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55655", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41910" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41910" }, { "reference_url": "https://github.com/advisories/GHSA-frqp-wp83-qggv", "reference_id": "GHSA-frqp-wp83-qggv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frqp-wp83-qggv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41910", "GHSA-frqp-wp83-qggv", "GMS-2022-6997", "GMS-2022-7005", "GMS-2022-7013" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xee-v43t-c7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44739?format=api", "vulnerability_id": "VCID-36ey-jnev-qqf8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17135", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17174", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1717", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666" }, { "reference_url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25666", "GHSA-f637-vh3r-vfh2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55592?format=api", "vulnerability_id": "VCID-37j3-cnw5-4fch", "summary": "TensorFlow has segfault in array_ops.upper_bound\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1127", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11278", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976", "reference_id": "CVE-2023-33976", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82289?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.1" } ], "aliases": [ "CVE-2023-33976", "GHSA-gjh7-xx4r-x345" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102254?format=api", "vulnerability_id": "VCID-42t9-hpd3-hufy", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41886" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41886" }, { "reference_url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx", "reference_id": "GHSA-54pp-c6pp-7fpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54pp-c6pp-7fpx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41886", "GHSA-54pp-c6pp-7fpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42t9-hpd3-hufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102267?format=api", "vulnerability_id": "VCID-6aey-qzrr-9qdk", "summary": "TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41899" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899" }, { "reference_url": "https://github.com/advisories/GHSA-27rc-728f-x5w2", "reference_id": "GHSA-27rc-728f-x5w2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27rc-728f-x5w2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41899", "GHSA-27rc-728f-x5w2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6aey-qzrr-9qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44751?format=api", "vulnerability_id": "VCID-6f4y-m6ca-nyf6", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4301", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43022", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4303", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663" }, { "reference_url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25663", "GHSA-64jg-wjww-7c5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44736?format=api", "vulnerability_id": "VCID-6yy3-r6mh-j3e8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31243", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31312", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31278", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665" }, { "reference_url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25665", "GHSA-558h-mq8x-7q9g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102270?format=api", "vulnerability_id": "VCID-71dj-4wgv-dkfa", "summary": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53052", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53113", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41902" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41902" }, { "reference_url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5", "reference_id": "GHSA-cg88-rpvp-cjv5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg88-rpvp-cjv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41902", "GHSA-cg88-rpvp-cjv5", "GMS-2022-6995", "GMS-2022-7003", "GMS-2022-7011" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71dj-4wgv-dkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44752?format=api", "vulnerability_id": "VCID-8nt4-mp8z-b3et", "summary": "Double Free\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2517", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801" }, { "reference_url": "https://github.com/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f49c-87jh-g47q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25801", "GHSA-f49c-87jh-g47q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102260?format=api", "vulnerability_id": "VCID-a2bj-bk9e-7fdw", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41891" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41891" }, { "reference_url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv", "reference_id": "GHSA-66vq-54fq-6jvv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66vq-54fq-6jvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41891", "GHSA-66vq-54fq-6jvv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bj-bk9e-7fdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=api", "vulnerability_id": "VCID-b31k-j7yk-muhz", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81228", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81256", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81258", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668" }, { "reference_url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25668", "GHSA-gw97-ff7c-9v96" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102265?format=api", "vulnerability_id": "VCID-bmq7-ywhj-w3ap", "summary": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41897" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41897" }, { "reference_url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j", "reference_id": "GHSA-f2w8-jw48-fr7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2w8-jw48-fr7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41897", "GHSA-f2w8-jw48-fr7j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmq7-ywhj-w3ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44743?format=api", "vulnerability_id": "VCID-c1qd-61t7-2fe3", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43639", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43652", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43663", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667" }, { "reference_url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25667", "GHSA-fqm2-gh8w-gr68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=api", "vulnerability_id": "VCID-cvdm-ubbq-63ew", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660" }, { "reference_url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25660", "GHSA-qjqc-vqcf-5qvj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36005?format=api", "vulnerability_id": "VCID-d3k4-z4f1-hfhy", "summary": "Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.54967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55033", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.55025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23592" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23592", "reference_id": "CVE-2022-23592", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23592" }, { "reference_url": "https://github.com/advisories/GHSA-vq36-27g6-p492", "reference_id": "GHSA-vq36-27g6-p492", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vq36-27g6-p492" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26606?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-rth4-8c4m-f3gd" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0" } ], "aliases": [ "BIT-tensorflow-2022-23592", "CVE-2022-23592", "GHSA-vq36-27g6-p492", "PYSEC-2022-101", "PYSEC-2022-156" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3k4-z4f1-hfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44746?format=api", "vulnerability_id": "VCID-dftm-vs4w-kfag", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25683", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25674", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664" }, { "reference_url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25664", "GHSA-6hg6-5c2q-7rcr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102257?format=api", "vulnerability_id": "VCID-dvpe-15m7-puh4", "summary": "TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31038", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31036", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3107", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41889" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41889" }, { "reference_url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g", "reference_id": "GHSA-xxcj-rhqg-m46g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxcj-rhqg-m46g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41889", "GHSA-xxcj-rhqg-m46g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvpe-15m7-puh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110201?format=api", "vulnerability_id": "VCID-e8a2-ny5z-73au", "summary": "`CHECK` failure in `SobolSample` via missing validation\n### Impact\nAnother instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf) and [02400ea266bd811fc016a848445de1bbff3a23a0](https://github.com/tensorflow/tensorflow/commit/02400ea266bd811fc016a848445de1bbff3a23a0)\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick both commits on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow 2.7.4 will have the first commit cherrypicked.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology\n- Pattarakrit Rattankul", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc" }, { "reference_url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc", "reference_id": "GHSA-cqvq-fvhr-v6hc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cqvq-fvhr-v6hc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "GHSA-cqvq-fvhr-v6hc", "GMS-2022-6996", "GMS-2022-7004", "GMS-2022-7012" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8a2-ny5z-73au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102269?format=api", "vulnerability_id": "VCID-ekmw-8ekq-1bfq", "summary": "TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52276", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57785", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57777", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41901" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41901" }, { "reference_url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f", "reference_id": "GHSA-g9fm-r5mm-rf9f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9fm-r5mm-rf9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41901", "GHSA-g9fm-r5mm-rf9f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekmw-8ekq-1bfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102261?format=api", "vulnerability_id": "VCID-eseh-ekjx-yffk", "summary": "TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41286", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41282", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41893" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41893" }, { "reference_url": "https://github.com/advisories/GHSA-67pf-62xr-q35m", "reference_id": "GHSA-67pf-62xr-q35m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67pf-62xr-q35m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41893", "GHSA-67pf-62xr-q35m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eseh-ekjx-yffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44731?format=api", "vulnerability_id": "VCID-ev9c-cxzc-p7hb", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35524", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35456", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35562", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662" }, { "reference_url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25662", "GHSA-7jvm-xxmr-v5cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102251?format=api", "vulnerability_id": "VCID-ghqz-dfeq-rygz", "summary": "TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32381", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32421", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35169", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41884" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41884" }, { "reference_url": "https://github.com/advisories/GHSA-jq6x-99hj-q636", "reference_id": "GHSA-jq6x-99hj-q636", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jq6x-99hj-q636" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41884", "GHSA-jq6x-99hj-q636" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghqz-dfeq-rygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44741?format=api", "vulnerability_id": "VCID-h18h-987d-q7he", "summary": "Incorrect Comparison\nTensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579" }, { "reference_url": "https://github.com/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w96-866f-6rm8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-27579", "GHSA-5w96-866f-6rm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36015?format=api", "vulnerability_id": "VCID-hcud-kg7b-zyhx", "summary": "Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54407", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54417", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54408", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54351", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23593" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23593", "reference_id": "CVE-2022-23593", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23593" }, { "reference_url": "https://github.com/advisories/GHSA-gwcx-jrx4-92w2", "reference_id": "GHSA-gwcx-jrx4-92w2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwcx-jrx4-92w2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26606?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1g5s-7at3-ckfn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-2ycd-39t1-zfhs" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3kva-8fv8-ukaa" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-3v2x-fcff-2kfn" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-542f-yjje-zfad" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8h8c-hzce-sqby" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b51p-mfd9-fqge" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bckg-ymqp-eyg6" }, { "vulnerability": "VCID-bhtq-drn4-pqfw" }, { "vulnerability": "VCID-bjcs-f4yp-skc3" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-c7xx-8n31-dkd8" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-efrr-vytn-nbfk" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hk5u-5r79-67ee" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k2ms-13kz-4bgg" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kkbz-sb6d-nkb9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mpr8-1wz2-kfgv" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nkyd-wte8-zbc8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-qhtm-u49u-zyeg" }, { "vulnerability": "VCID-qp8b-wyj4-h7e4" }, { "vulnerability": "VCID-r11x-hcqs-cfgb" }, { "vulnerability": "VCID-r14r-z3cv-1qa6" }, { "vulnerability": "VCID-r3y2-x3nx-67ac" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-rth4-8c4m-f3gd" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-udmn-j2p9-xuez" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-uucj-un2y-h7h8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0" } ], "aliases": [ "BIT-tensorflow-2022-23593", "CVE-2022-23593", "GHSA-gwcx-jrx4-92w2", "PYSEC-2022-102", "PYSEC-2022-157" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcud-kg7b-zyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102272?format=api", "vulnerability_id": "VCID-hm4p-s6xd-8uf5", "summary": "TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49113", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54738", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54806", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41908" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41908" }, { "reference_url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3", "reference_id": "GHSA-mv77-9g28-cwg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv77-9g28-cwg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41908", "GHSA-mv77-9g28-cwg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4p-s6xd-8uf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44750?format=api", "vulnerability_id": "VCID-j7jy-3r33-x7fy", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60443", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60451", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60454", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674" }, { "reference_url": "https://github.com/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf97-q72m-7579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25674", "GHSA-gf97-q72m-7579" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110102?format=api", "vulnerability_id": "VCID-kzhb-zzzm-ebe1", "summary": "`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode\n### Impact\nAnother instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf9932fc907aff0e9e8cccf769e8b00d30fd81a1](https://github.com/tensorflow/tensorflow/commit/bf9932fc907aff0e9e8cccf769e8b00d30fd81a1).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m" }, { "reference_url": "https://github.com/advisories/GHSA-xf83-q765-xm6m", "reference_id": "GHSA-xf83-q765-xm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf83-q765-xm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "GHSA-xf83-q765-xm6m", "GMS-2022-7001", "GMS-2022-7009", "GMS-2022-7017" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzhb-zzzm-ebe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44749?format=api", "vulnerability_id": "VCID-mj52-z2qy-4bd8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28126", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28197", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28147", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672" }, { "reference_url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25672", "GHSA-94mm-g2mv-8p7r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102273?format=api", "vulnerability_id": "VCID-nn1z-3z62-5fby", "summary": "TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60705", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65677", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41909" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41909" }, { "reference_url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9", "reference_id": "GHSA-rjx6-v474-2ch9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjx6-v474-2ch9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41909", "GHSA-rjx6-v474-2ch9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn1z-3z62-5fby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102252?format=api", "vulnerability_id": "VCID-pw2j-ex1f-wkgd", "summary": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37623", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37809", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37807", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37715", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41885" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:36Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41885" }, { "reference_url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx", "reference_id": "GHSA-762h-vpvw-3rcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-762h-vpvw-3rcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148473?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-41885", "GHSA-762h-vpvw-3rcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pw2j-ex1f-wkgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44748?format=api", "vulnerability_id": "VCID-q2hk-yjnj-jbfb", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676" }, { "reference_url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25676", "GHSA-6wfh-89q8-44jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44737?format=api", "vulnerability_id": "VCID-qh3y-aeak-u3hg", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42537", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.4248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42554", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42564", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659" }, { "reference_url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25659", "GHSA-93vr-9q9m-pj8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102275?format=api", "vulnerability_id": "VCID-rdtn-n88f-pqas", "summary": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36492", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36529", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36521", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41911" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41911" }, { "reference_url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j", "reference_id": "GHSA-pf36-r9c6-h97j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf36-r9c6-h97j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41911", "GHSA-pf36-r9c6-h97j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtn-n88f-pqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102256?format=api", "vulnerability_id": "VCID-rh99-4vre-gfde", "summary": "TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41399", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47464", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47528", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41888" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41888" }, { "reference_url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v", "reference_id": "GHSA-6x99-gv2v-q76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x99-gv2v-q76v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41888", "GHSA-6x99-gv2v-q76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh99-4vre-gfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102268?format=api", "vulnerability_id": "VCID-scvf-p5ff-c3df", "summary": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01207", "scoring_system": "epss", "scoring_elements": "0.79315", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79613", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79644", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01243", "scoring_system": "epss", "scoring_elements": "0.79639", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41900" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41900" }, { "reference_url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472", "reference_id": "GHSA-xvwp-h6jv-7472", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvwp-h6jv-7472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41900", "GHSA-xvwp-h6jv-7472" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scvf-p5ff-c3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102259?format=api", "vulnerability_id": "VCID-tuqw-n8ka-jfht", "summary": "TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34384", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3442", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41890" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41890" }, { "reference_url": "https://github.com/advisories/GHSA-h246-cgh4-7475", "reference_id": "GHSA-h246-cgh4-7475", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h246-cgh4-7475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41890", "GHSA-h246-cgh4-7475" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqw-n8ka-jfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44732?format=api", "vulnerability_id": "VCID-upnq-6wx8-gug8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51616", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51571", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51631", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51637", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673" }, { "reference_url": "https://github.com/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-647v-r7qq-24fh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25673", "GHSA-647v-r7qq-24fh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44742?format=api", "vulnerability_id": "VCID-v68f-q5vf-wkf5", "summary": "Incorrect Comparison\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675" }, { "reference_url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25675", "GHSA-7x4v-9gxg-9hwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102263?format=api", "vulnerability_id": "VCID-vxm3-72uk-zbb8", "summary": "TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35196", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35277", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35313", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41895" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41895" }, { "reference_url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx", "reference_id": "GHSA-gq2j-cr96-gvqx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gq2j-cr96-gvqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41895", "GHSA-gq2j-cr96-gvqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxm3-72uk-zbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44738?format=api", "vulnerability_id": "VCID-w5vq-nwu5-pken", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670" }, { "reference_url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25670", "GHSA-49rq-hwc3-x77w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102249?format=api", "vulnerability_id": "VCID-wdks-wa1n-ckhx", "summary": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36583", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36685", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36677", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39276", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41880" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41880" }, { "reference_url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j", "reference_id": "GHSA-8w5g-3wcv-9g2j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w5g-3wcv-9g2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41880", "GHSA-8w5g-3wcv-9g2j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdks-wa1n-ckhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44735?format=api", "vulnerability_id": "VCID-xej2-7wvk-xuec", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17037", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658" }, { "reference_url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64390?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/643972?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0" } ], "aliases": [ "CVE-2023-25658", "GHSA-68v3-g9cm-rmm6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102255?format=api", "vulnerability_id": "VCID-yrtd-47vc-muff", "summary": "TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.3399", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34107", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34091", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36511", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41887" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41887" }, { "reference_url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3", "reference_id": "GHSA-8fvv-46hw-vpg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fvv-46hw-vpg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41887", "GHSA-8fvv-46hw-vpg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrtd-47vc-muff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102266?format=api", "vulnerability_id": "VCID-yy9b-ymk2-5kea", "summary": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41898" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41898" }, { "reference_url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h", "reference_id": "GHSA-hq7g-wwwp-q46h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq7g-wwwp-q46h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41898", "GHSA-hq7g-wwwp-q46h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9b-ymk2-5kea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102264?format=api", "vulnerability_id": "VCID-zc2s-1rty-hyd9", "summary": "TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35627", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40337", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41896" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41896" }, { "reference_url": "https://github.com/advisories/GHSA-rmg2-f698-wq35", "reference_id": "GHSA-rmg2-f698-wq35", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmg2-f698-wq35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148483?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/148485?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/148487?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-xej2-7wvk-xuec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1" } ], "aliases": [ "CVE-2022-41896", "GHSA-rmg2-f698-wq35" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2s-1rty-hyd9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102241?format=api", "vulnerability_id": "VCID-124y-9kpj-p7aj", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5643", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56478", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5649", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36014" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36014" }, { "reference_url": "https://github.com/advisories/GHSA-7j3m-8g3c-9qqq", "reference_id": "GHSA-7j3m-8g3c-9qqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j3m-8g3c-9qqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36014", "GHSA-7j3m-8g3c-9qqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-124y-9kpj-p7aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102210?format=api", "vulnerability_id": "VCID-1fjg-c139-1yf1", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35973" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35973", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35973" }, { "reference_url": "https://github.com/advisories/GHSA-689c-r7h2-fv9v", "reference_id": "GHSA-689c-r7h2-fv9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-689c-r7h2-fv9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35973", "GHSA-689c-r7h2-fv9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fjg-c139-1yf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102186?format=api", "vulnerability_id": "VCID-1g5s-7at3-ckfn", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28262", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28303", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29212" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/43661", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/43661" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29212", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29212" }, { "reference_url": "https://github.com/advisories/GHSA-8wwm-6264-x792", "reference_id": "GHSA-8wwm-6264-x792", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wwm-6264-x792" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29212", "GHSA-8wwm-6264-x792" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1g5s-7at3-ckfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102248?format=api", "vulnerability_id": "VCID-1m8h-cgum-nkd2", "summary": "TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50355", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50405", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50423", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50416", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36027" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/53767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/53767" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:16Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36027" }, { "reference_url": "https://github.com/advisories/GHSA-79h2-q768-fpxr", "reference_id": "GHSA-79h2-q768-fpxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79h2-q768-fpxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36027", "GHSA-79h2-q768-fpxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m8h-cgum-nkd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102243?format=api", "vulnerability_id": "VCID-23fs-9e1j-tbdu", "summary": "TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61018", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61063", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61075", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61067", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36016" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36016", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36016" }, { "reference_url": "https://github.com/advisories/GHSA-g468-qj8g-vcjc", "reference_id": "GHSA-g468-qj8g-vcjc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g468-qj8g-vcjc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36016", "GHSA-g468-qj8g-vcjc" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23fs-9e1j-tbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102167?format=api", "vulnerability_id": "VCID-2ycd-39t1-zfhs", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2562", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25666", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25721", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29194" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5g4-ppwx-48q2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29194", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29194" }, { "reference_url": "https://github.com/advisories/GHSA-h5g4-ppwx-48q2", "reference_id": "GHSA-h5g4-ppwx-48q2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5g4-ppwx-48q2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29194", "GHSA-h5g4-ppwx-48q2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ycd-39t1-zfhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102200?format=api", "vulnerability_id": "VCID-34ue-dphj-8ka5", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35963" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963" }, { "reference_url": "https://github.com/advisories/GHSA-84jm-4cf3-9jfm", "reference_id": "GHSA-84jm-4cf3-9jfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-84jm-4cf3-9jfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35963", "GHSA-84jm-4cf3-9jfm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34ue-dphj-8ka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102213?format=api", "vulnerability_id": "VCID-3dgz-dzdx-8kgz", "summary": "TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35981" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:17Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981" }, { "reference_url": "https://github.com/advisories/GHSA-vxv8-r8q2-63xw", "reference_id": "GHSA-vxv8-r8q2-63xw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxv8-r8q2-63xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35981", "GHSA-vxv8-r8q2-63xw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dgz-dzdx-8kgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102240?format=api", "vulnerability_id": "VCID-3ev9-u7cm-tbct", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4487", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44926", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44946", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36013" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36013", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36013" }, { "reference_url": "https://github.com/advisories/GHSA-828c-5j5q-vrjq", "reference_id": "GHSA-828c-5j5q-vrjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-828c-5j5q-vrjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36013", "GHSA-828c-5j5q-vrjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ev9-u7cm-tbct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102199?format=api", "vulnerability_id": "VCID-3jab-qtww-47eq", "summary": "TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43227", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43285", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43309", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43299", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35960" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35960", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35960" }, { "reference_url": "https://github.com/advisories/GHSA-v5xg-3q2c-c2r4", "reference_id": "GHSA-v5xg-3q2c-c2r4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5xg-3q2c-c2r4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35960", "GHSA-v5xg-3q2c-c2r4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jab-qtww-47eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102183?format=api", "vulnerability_id": "VCID-3kva-8fv8-ukaa", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26103", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26153", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26199", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26206", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29209" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55530", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55530" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/55730", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/pull/55730" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29209", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29209" }, { "reference_url": "https://github.com/advisories/GHSA-f4rr-5m7v-wxcw", "reference_id": "GHSA-f4rr-5m7v-wxcw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4rr-5m7v-wxcw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29209", "GHSA-f4rr-5m7v-wxcw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kva-8fv8-ukaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102211?format=api", "vulnerability_id": "VCID-3rtn-hnmg-dugs", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35974" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35974", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35974" }, { "reference_url": "https://github.com/advisories/GHSA-vgvh-2pf4-jr2x", "reference_id": "GHSA-vgvh-2pf4-jr2x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vgvh-2pf4-jr2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35974", "GHSA-vgvh-2pf4-jr2x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rtn-hnmg-dugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102166?format=api", "vulnerability_id": "VCID-3v2x-fcff-2kfn", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15931", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15963", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16006", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29193" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/summary_tensor_op.cc#L33-L58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/summary_tensor_op.cc#L33-L58" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/290bb05c80c327ed74fae1d089f1001b1e2a4ef7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/290bb05c80c327ed74fae1d089f1001b1e2a4ef7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p9q-h29j-3f5v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p9q-h29j-3f5v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29193" }, { "reference_url": "https://github.com/advisories/GHSA-2p9q-h29j-3f5v", "reference_id": "GHSA-2p9q-h29j-3f5v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2p9q-h29j-3f5v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29193", "GHSA-2p9q-h29j-3f5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3v2x-fcff-2kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102224?format=api", "vulnerability_id": "VCID-4632-rf32-xfgg", "summary": "TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35992" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992" }, { "reference_url": "https://github.com/advisories/GHSA-9v8w-xmr4-wgxp", "reference_id": "GHSA-9v8w-xmr4-wgxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9v8w-xmr4-wgxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35992", "GHSA-9v8w-xmr4-wgxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4632-rf32-xfgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102206?format=api", "vulnerability_id": "VCID-4gct-hv2n-8fes", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35969" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35969", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35969" }, { "reference_url": "https://github.com/advisories/GHSA-q2c3-jpmc-gfjx", "reference_id": "GHSA-q2c3-jpmc-gfjx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2c3-jpmc-gfjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35969", "GHSA-q2c3-jpmc-gfjx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gct-hv2n-8fes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102178?format=api", "vulnerability_id": "VCID-542f-yjje-zfad", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18463", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18505", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18542", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1854", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29205" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:53Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29205" }, { "reference_url": "https://github.com/advisories/GHSA-54ch-gjq5-4976", "reference_id": "GHSA-54ch-gjq5-4976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54ch-gjq5-4976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29205", "GHSA-54ch-gjq5-4976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-542f-yjje-zfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102201?format=api", "vulnerability_id": "VCID-5qdx-9g76-3ugr", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35964" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35964", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35964" }, { "reference_url": "https://github.com/advisories/GHSA-f7r5-q7cx-h668", "reference_id": "GHSA-f7r5-q7cx-h668", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7r5-q7cx-h668" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35964", "GHSA-f7r5-q7cx-h668" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qdx-9g76-3ugr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102244?format=api", "vulnerability_id": "VCID-5r5f-1mgp-x3hh", "summary": "TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36017" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:48Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36017", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36017" }, { "reference_url": "https://github.com/advisories/GHSA-wqmc-pm8c-2jhc", "reference_id": "GHSA-wqmc-pm8c-2jhc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqmc-pm8c-2jhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36017", "GHSA-wqmc-pm8c-2jhc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5r5f-1mgp-x3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102198?format=api", "vulnerability_id": "VCID-63yf-6n3f-uugw", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35959" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35959", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35959" }, { "reference_url": "https://github.com/advisories/GHSA-wxjj-cgcx-r3vq", "reference_id": "GHSA-wxjj-cgcx-r3vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxjj-cgcx-r3vq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35959", "GHSA-wxjj-cgcx-r3vq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63yf-6n3f-uugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102228?format=api", "vulnerability_id": "VCID-6fzx-5d86-fqcg", "summary": "TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35996" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996" }, { "reference_url": "https://github.com/advisories/GHSA-q5jv-m6qw-5g37", "reference_id": "GHSA-q5jv-m6qw-5g37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5jv-m6qw-5g37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35996", "GHSA-q5jv-m6qw-5g37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fzx-5d86-fqcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102239?format=api", "vulnerability_id": "VCID-7qsc-g2q6-yyev", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36012" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36012" }, { "reference_url": "https://github.com/advisories/GHSA-jvhc-5hhr-w3v5", "reference_id": "GHSA-jvhc-5hhr-w3v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvhc-5hhr-w3v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36012", "GHSA-jvhc-5hhr-w3v5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qsc-g2q6-yyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102171?format=api", "vulnerability_id": "VCID-8h8c-hzce-sqby", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29198" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ea50a40e84f6bff15a0912728e35b657548cef11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ea50a40e84f6bff15a0912728e35b657548cef11" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mg66-qvc5-rm93", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mg66-qvc5-rm93" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29198" }, { "reference_url": "https://github.com/advisories/GHSA-mg66-qvc5-rm93", "reference_id": "GHSA-mg66-qvc5-rm93", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg66-qvc5-rm93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29198", "GHSA-mg66-qvc5-rm93" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8h8c-hzce-sqby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102231?format=api", "vulnerability_id": "VCID-9tbn-pjhn-5bdk", "summary": "TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35999" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999" }, { "reference_url": "https://github.com/advisories/GHSA-37jf-mjv6-xfqw", "reference_id": "GHSA-37jf-mjv6-xfqw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37jf-mjv6-xfqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35999", "GHSA-37jf-mjv6-xfqw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tbn-pjhn-5bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102202?format=api", "vulnerability_id": "VCID-a5ey-dfsw-vfaz", "summary": "TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35965" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:50Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:50Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35965", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35965" }, { "reference_url": "https://github.com/advisories/GHSA-qxpx-j395-pw36", "reference_id": "GHSA-qxpx-j395-pw36", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxpx-j395-pw36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35965", "GHSA-qxpx-j395-pw36" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ey-dfsw-vfaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102214?format=api", "vulnerability_id": "VCID-ac5u-fzwq-k3bk", "summary": "TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35982" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35982", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35982" }, { "reference_url": "https://github.com/advisories/GHSA-397c-5g2j-qxpv", "reference_id": "GHSA-397c-5g2j-qxpv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-397c-5g2j-qxpv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35982", "GHSA-397c-5g2j-qxpv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ac5u-fzwq-k3bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102223?format=api", "vulnerability_id": "VCID-adbe-gm2b-g7h4", "summary": "TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3463", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34708", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34744", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34728", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35991" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991" }, { "reference_url": "https://github.com/advisories/GHSA-vm7x-4qhj-rrcq", "reference_id": "GHSA-vm7x-4qhj-rrcq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm7x-4qhj-rrcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35991", "GHSA-vm7x-4qhj-rrcq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adbe-gm2b-g7h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102237?format=api", "vulnerability_id": "VCID-an2q-1spn-gfgz", "summary": "TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34917", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34953", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36005" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36005" }, { "reference_url": "https://github.com/advisories/GHSA-r26c-679w-mrjm", "reference_id": "GHSA-r26c-679w-mrjm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r26c-679w-mrjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36005", "GHSA-r26c-679w-mrjm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an2q-1spn-gfgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102173?format=api", "vulnerability_id": "VCID-b51p-mfd9-fqge", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29200" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/803404044ae7a1efac48ba82d74111fce1ddb09a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2vv3-56qg-g2cf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29200", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29200" }, { "reference_url": "https://github.com/advisories/GHSA-2vv3-56qg-g2cf", "reference_id": "GHSA-2vv3-56qg-g2cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2vv3-56qg-g2cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29200", "GHSA-2vv3-56qg-g2cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b51p-mfd9-fqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102234?format=api", "vulnerability_id": "VCID-b6g8-7vy6-gqh7", "summary": "TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36002" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36002" }, { "reference_url": "https://github.com/advisories/GHSA-mh3m-62v7-68xg", "reference_id": "GHSA-mh3m-62v7-68xg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mh3m-62v7-68xg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36002", "GHSA-mh3m-62v7-68xg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6g8-7vy6-gqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102172?format=api", "vulnerability_id": "VCID-bckg-ymqp-eyg6", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17613", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29199" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/load_and_remap_matrix_op.cc#L70-L98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3150642acbbe254e3c3c5d2232143fa591855ac9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3150642acbbe254e3c3c5d2232143fa591855ac9" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p9rc-rmr5-529j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:29Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p9rc-rmr5-529j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29199", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29199" }, { "reference_url": "https://github.com/advisories/GHSA-p9rc-rmr5-529j", "reference_id": "GHSA-p9rc-rmr5-529j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9rc-rmr5-529j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29199", "GHSA-p9rc-rmr5-529j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bckg-ymqp-eyg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102185?format=api", "vulnerability_id": "VCID-bhtq-drn4-pqfw", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27409", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27387", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27426", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29211" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/45770", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/45770" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29211", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29211" }, { "reference_url": "https://github.com/advisories/GHSA-xrp2-fhq4-4q3w", "reference_id": "GHSA-xrp2-fhq4-4q3w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrp2-fhq4-4q3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29211", "GHSA-xrp2-fhq4-4q3w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhtq-drn4-pqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102175?format=api", "vulnerability_id": "VCID-bjcs-f4yp-skc3", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20303", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20327", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20376", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29202" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.py#L146-L239" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310e" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55199", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55199" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29202", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29202" }, { "reference_url": "https://github.com/advisories/GHSA-cwpm-f78v-7m5c", "reference_id": "GHSA-cwpm-f78v-7m5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwpm-f78v-7m5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29202", "GHSA-cwpm-f78v-7m5c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjcs-f4yp-skc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102238?format=api", "vulnerability_id": "VCID-budt-6suv-87fk", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36011" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36011", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36011" }, { "reference_url": "https://github.com/advisories/GHSA-fv43-93gv-vm8f", "reference_id": "GHSA-fv43-93gv-vm8f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv43-93gv-vm8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36011", "GHSA-fv43-93gv-vm8f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-budt-6suv-87fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102176?format=api", "vulnerability_id": "VCID-c7xx-8n31-dkd8", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17786", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17826", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17861", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17864", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29203" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:42Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjm6-4vf7-cjh4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29203", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29203" }, { "reference_url": "https://github.com/advisories/GHSA-jjm6-4vf7-cjh4", "reference_id": "GHSA-jjm6-4vf7-cjh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjm6-4vf7-cjh4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29203", "GHSA-jjm6-4vf7-cjh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7xx-8n31-dkd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102235?format=api", "vulnerability_id": "VCID-cnnv-k1mq-bycd", "summary": "TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36003" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36003" }, { "reference_url": "https://github.com/advisories/GHSA-cv2p-32v3-vhwq", "reference_id": "GHSA-cv2p-32v3-vhwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cv2p-32v3-vhwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36003", "GHSA-cv2p-32v3-vhwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnnv-k1mq-bycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102193?format=api", "vulnerability_id": "VCID-d1xg-zvu2-pfcf", "summary": "TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46057", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46008", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46076", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46078", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35939" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35939" }, { "reference_url": "https://github.com/advisories/GHSA-ffjm-4qwc-7cmf", "reference_id": "GHSA-ffjm-4qwc-7cmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffjm-4qwc-7cmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35939", "GHSA-ffjm-4qwc-7cmf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1xg-zvu2-pfcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102187?format=api", "vulnerability_id": "VCID-efrr-vytn-nbfk", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28262", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28303", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29213" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73" }, { "reference_url": "https://github.com/tensorflow/tensorflow/issues/55263", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/issues/55263" }, { "reference_url": "https://github.com/tensorflow/tensorflow/pull/55274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/pull/55274" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:18Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5889-7v45-q28m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29213", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29213" }, { "reference_url": "https://github.com/advisories/GHSA-5889-7v45-q28m", "reference_id": "GHSA-5889-7v45-q28m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5889-7v45-q28m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29213", "GHSA-5889-7v45-q28m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efrr-vytn-nbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102215?format=api", "vulnerability_id": "VCID-eqjg-vnm4-pbgx", "summary": "TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35983" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35983", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35983" }, { "reference_url": "https://github.com/advisories/GHSA-m6vp-8q9j-whx4", "reference_id": "GHSA-m6vp-8q9j-whx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vp-8q9j-whx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35983", "GHSA-m6vp-8q9j-whx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqjg-vnm4-pbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102220?format=api", "vulnerability_id": "VCID-eqp9-vbjw-uye1", "summary": "TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22403", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22426", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22475", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22487", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35988" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988" }, { "reference_url": "https://github.com/advisories/GHSA-9vqj-64pv-w55c", "reference_id": "GHSA-9vqj-64pv-w55c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vqj-64pv-w55c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35988", "GHSA-9vqj-64pv-w55c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqp9-vbjw-uye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102247?format=api", "vulnerability_id": "VCID-f85h-49x9-7qdw", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36026" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36026" }, { "reference_url": "https://github.com/advisories/GHSA-9cr2-8pwr-fhfq", "reference_id": "GHSA-9cr2-8pwr-fhfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9cr2-8pwr-fhfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36026", "GHSA-9cr2-8pwr-fhfq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f85h-49x9-7qdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102219?format=api", "vulnerability_id": "VCID-g5du-95mm-uqdv", "summary": "TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35987" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987" }, { "reference_url": "https://github.com/advisories/GHSA-w62h-8xjm-fv49", "reference_id": "GHSA-w62h-8xjm-fv49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w62h-8xjm-fv49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35987", "GHSA-w62h-8xjm-fv49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5du-95mm-uqdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102221?format=api", "vulnerability_id": "VCID-gt24-f126-akej", "summary": "TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35989" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35989", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35989" }, { "reference_url": "https://github.com/advisories/GHSA-j43h-pgmg-5hjq", "reference_id": "GHSA-j43h-pgmg-5hjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j43h-pgmg-5hjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35989", "GHSA-j43h-pgmg-5hjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gt24-f126-akej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102222?format=api", "vulnerability_id": "VCID-gv1k-p9qb-qug3", "summary": "TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35990" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:52Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:52Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990" }, { "reference_url": "https://github.com/advisories/GHSA-h7ff-cfc9-wmmh", "reference_id": "GHSA-h7ff-cfc9-wmmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7ff-cfc9-wmmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35990", "GHSA-h7ff-cfc9-wmmh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv1k-p9qb-qug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102227?format=api", "vulnerability_id": "VCID-h9va-2q1u-nfeq", "summary": "TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35995" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35995", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35995" }, { "reference_url": "https://github.com/advisories/GHSA-g9h5-vr8m-x2h4", "reference_id": "GHSA-g9h5-vr8m-x2h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9h5-vr8m-x2h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35995", "GHSA-g9h5-vr8m-x2h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9va-2q1u-nfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102180?format=api", "vulnerability_id": "VCID-hk5u-5r79-67ee", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23109", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2313", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2319", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29206" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse_tensor_dense_add_op.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/11ced8467eccad9c7cb94867708be8fa5c66c730", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/11ced8467eccad9c7cb94867708be8fa5c66c730" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rc9w-5c64-9vqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:57Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rc9w-5c64-9vqq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29206", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29206" }, { "reference_url": "https://github.com/advisories/GHSA-rc9w-5c64-9vqq", "reference_id": "GHSA-rc9w-5c64-9vqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rc9w-5c64-9vqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29206", "GHSA-rc9w-5c64-9vqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk5u-5r79-67ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102196?format=api", "vulnerability_id": "VCID-juat-vtcr-xbg3", "summary": "TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35941" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35941", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35941" }, { "reference_url": "https://github.com/advisories/GHSA-mgmh-g2v6-mqw5", "reference_id": "GHSA-mgmh-g2v6-mqw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgmh-g2v6-mqw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145649?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.2" } ], "aliases": [ "CVE-2022-35941", "GHSA-mgmh-g2v6-mqw5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-juat-vtcr-xbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102169?format=api", "vulnerability_id": "VCID-k2ms-13kz-4bgg", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29196" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:23Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29196", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29196" }, { "reference_url": "https://github.com/advisories/GHSA-5v77-j66x-4c4g", "reference_id": "GHSA-5v77-j66x-4c4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v77-j66x-4c4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29196", "GHSA-5v77-j66x-4c4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ms-13kz-4bgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102189?format=api", "vulnerability_id": "VCID-k3am-7v2s-xqb9", "summary": "TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35934" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:20Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934" }, { "reference_url": "https://github.com/advisories/GHSA-f4w6-h4f5-wx45", "reference_id": "GHSA-f4w6-h4f5-wx45", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4w6-h4f5-wx45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35934", "GHSA-f4w6-h4f5-wx45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3am-7v2s-xqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102204?format=api", "vulnerability_id": "VCID-kafn-vb69-tub3", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35967" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35967", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35967" }, { "reference_url": "https://github.com/advisories/GHSA-v6h3-348g-6h5x", "reference_id": "GHSA-v6h3-348g-6h5x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6h3-348g-6h5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35967", "GHSA-v6h3-348g-6h5x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kafn-vb69-tub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102236?format=api", "vulnerability_id": "VCID-kb5d-pyxb-4fe9", "summary": "TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32983", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33062", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.331", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36004" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36004" }, { "reference_url": "https://github.com/advisories/GHSA-mv8m-8x97-937q", "reference_id": "GHSA-mv8m-8x97-937q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv8m-8x97-937q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36004", "GHSA-mv8m-8x97-937q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb5d-pyxb-4fe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102168?format=api", "vulnerability_id": "VCID-kkbz-sb6d-nkb9", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17613", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29195" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L26" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:10Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h48f-q7rw-hvr7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29195", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29195" }, { "reference_url": "https://github.com/advisories/GHSA-h48f-q7rw-hvr7", "reference_id": "GHSA-h48f-q7rw-hvr7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h48f-q7rw-hvr7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29195", "GHSA-h48f-q7rw-hvr7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkbz-sb6d-nkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102165?format=api", "vulnerability_id": "VCID-mpr8-1wz2-kfgv", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34219", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34254", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34238", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29192" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L148-L226" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h2wq-prv9-2f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h2wq-prv9-2f56" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29192" }, { "reference_url": "https://github.com/advisories/GHSA-h2wq-prv9-2f56", "reference_id": "GHSA-h2wq-prv9-2f56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2wq-prv9-2f56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29192", "GHSA-h2wq-prv9-2f56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpr8-1wz2-kfgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102197?format=api", "vulnerability_id": "VCID-mtkv-vxpu-m3fu", "summary": "TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44509", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44564", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44586", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44578", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35952" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:01Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35952", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35952" }, { "reference_url": "https://github.com/advisories/GHSA-h5vq-gw2c-pq47", "reference_id": "GHSA-h5vq-gw2c-pq47", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5vq-gw2c-pq47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35952", "GHSA-h5vq-gw2c-pq47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtkv-vxpu-m3fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102205?format=api", "vulnerability_id": "VCID-njmm-n794-tqcr", "summary": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21615", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21635", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2168", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35968" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:38Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35968", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35968" }, { "reference_url": "https://github.com/advisories/GHSA-2475-53vw-vp25", "reference_id": "GHSA-2475-53vw-vp25", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2475-53vw-vp25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35968", "GHSA-2475-53vw-vp25" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njmm-n794-tqcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102188?format=api", "vulnerability_id": "VCID-nkyd-wte8-zbc8", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27334", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27403", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31145", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31181", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29216" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216" }, { "reference_url": "https://github.com/advisories/GHSA-75c9-jrh4-79mc", "reference_id": "GHSA-75c9-jrh4-79mc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75c9-jrh4-79mc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29216", "GHSA-75c9-jrh4-79mc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkyd-wte8-zbc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102216?format=api", "vulnerability_id": "VCID-nttr-e3uq-tbew", "summary": "TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35984" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:03Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:03Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35984", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35984" }, { "reference_url": "https://github.com/advisories/GHSA-p2xf-8hgm-hpw5", "reference_id": "GHSA-p2xf-8hgm-hpw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2xf-8hgm-hpw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35984", "GHSA-p2xf-8hgm-hpw5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nttr-e3uq-tbew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102246?format=api", "vulnerability_id": "VCID-ppev-q19c-jfcd", "summary": "TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36019" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36019", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36019" }, { "reference_url": "https://github.com/advisories/GHSA-9j4v-pp28-mxv7", "reference_id": "GHSA-9j4v-pp28-mxv7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9j4v-pp28-mxv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36019", "GHSA-9j4v-pp28-mxv7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppev-q19c-jfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102208?format=api", "vulnerability_id": "VCID-q8m1-bjce-67bd", "summary": "TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35971" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:30Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:30Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35971", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35971" }, { "reference_url": "https://github.com/advisories/GHSA-9fpg-838v-wpv7", "reference_id": "GHSA-9fpg-838v-wpv7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fpg-838v-wpv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35971", "GHSA-9fpg-838v-wpv7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8m1-bjce-67bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102170?format=api", "vulnerability_id": "VCID-qhtm-u49u-zyeg", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1768", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17712", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17717", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29197" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L95" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/13d38a07ce9143e044aa737cfd7bb759d0e9b400", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/13d38a07ce9143e044aa737cfd7bb759d0e9b400" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hrg5-737c-2p56", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hrg5-737c-2p56" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29197", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29197" }, { "reference_url": "https://github.com/advisories/GHSA-hrg5-737c-2p56", "reference_id": "GHSA-hrg5-737c-2p56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hrg5-737c-2p56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29197", "GHSA-hrg5-737c-2p56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhtm-u49u-zyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111033?format=api", "vulnerability_id": "VCID-qp8b-wyj4-h7e4", "summary": "`CHECK` failure in depthwise ops via overflows\n### Impact\nThe implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via `CHECK`-failure (assertion failure) caused by overflowing the number of elements in a tensor:\n\n```python\nimport tensorflow as tf\n\ninput = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)\nfilter_sizes = tf.constant(1879048192, shape=[13], dtype=tf.int32)\nout_backprop = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)\ntf.raw_ops.DepthwiseConv2dNativeBackpropFilter(\n input=input, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], padding=\"SAME\")\n```\n \nThis is another instance of [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (CVE-2021-41197).\n \n### Patches\nWe have patched the issue in GitHub commit [3796cc4fcd93ae55812a457abc96dcd55fbb854b](https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou from Secure Systems Lab at Brown University.", "references": [ { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379" }, { "reference_url": "https://github.com/advisories/GHSA-mw6j-hh29-h379", "reference_id": "GHSA-mw6j-hh29-h379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mw6j-hh29-h379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "GHSA-mw6j-hh29-h379", "GMS-2022-1528", "GMS-2022-1532", "GMS-2022-1536" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp8b-wyj4-h7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102164?format=api", "vulnerability_id": "VCID-r11x-hcqs-cfgb", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34219", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34254", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34238", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29191" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv25-wrff-wf86", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:43Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv25-wrff-wf86" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29191" }, { "reference_url": "https://github.com/advisories/GHSA-fv25-wrff-wf86", "reference_id": "GHSA-fv25-wrff-wf86", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv25-wrff-wf86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29191", "GHSA-fv25-wrff-wf86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r11x-hcqs-cfgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102177?format=api", "vulnerability_id": "VCID-r14r-z3cv-1qa6", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19566", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19595", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19637", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19643", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29204" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29204", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29204" }, { "reference_url": "https://github.com/advisories/GHSA-hx9q-2mx4-m4pg", "reference_id": "GHSA-hx9q-2mx4-m4pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hx9q-2mx4-m4pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29204", "GHSA-hx9q-2mx4-m4pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r14r-z3cv-1qa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102182?format=api", "vulnerability_id": "VCID-r3y2-x3nx-67ac", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33136", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33216", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33253", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33239", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29208" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:49Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29208", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29208" }, { "reference_url": "https://github.com/advisories/GHSA-2r2f-g8mw-9gvr", "reference_id": "GHSA-2r2f-g8mw-9gvr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r2f-g8mw-9gvr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29208", "GHSA-2r2f-g8mw-9gvr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3y2-x3nx-67ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102212?format=api", "vulnerability_id": "VCID-raep-npkq-b3fx", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35979" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:19Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35979", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35979" }, { "reference_url": "https://github.com/advisories/GHSA-v7vw-577f-vp8x", "reference_id": "GHSA-v7vw-577f-vp8x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7vw-577f-vp8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35979", "GHSA-v7vw-577f-vp8x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-raep-npkq-b3fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102203?format=api", "vulnerability_id": "VCID-sevq-49gc-k3eh", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35966" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35966", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35966" }, { "reference_url": "https://github.com/advisories/GHSA-4w68-4x85-mjj9", "reference_id": "GHSA-4w68-4x85-mjj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4w68-4x85-mjj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35966", "GHSA-4w68-4x85-mjj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sevq-49gc-k3eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102190?format=api", "vulnerability_id": "VCID-shq8-1n4y-vkc5", "summary": "TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26039", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26091", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26136", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26142", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35935" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:14Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35935", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35935" }, { "reference_url": "https://github.com/advisories/GHSA-97p7-w86h-vcf9", "reference_id": "GHSA-97p7-w86h-vcf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97p7-w86h-vcf9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35935", "GHSA-97p7-w86h-vcf9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shq8-1n4y-vkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102191?format=api", "vulnerability_id": "VCID-t2dj-e6dk-m7f2", "summary": "TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31427", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31431", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31498", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31464", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35937" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:09Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35937", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35937" }, { "reference_url": "https://github.com/advisories/GHSA-pxrw-j2fv-hx3h", "reference_id": "GHSA-pxrw-j2fv-hx3h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxrw-j2fv-hx3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35937", "GHSA-pxrw-j2fv-hx3h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2dj-e6dk-m7f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102181?format=api", "vulnerability_id": "VCID-udmn-j2p9-xuez", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17867", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17903", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17907", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29207" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:47:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207" }, { "reference_url": "https://github.com/advisories/GHSA-5wpj-c6f7-24x8", "reference_id": "GHSA-5wpj-c6f7-24x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5wpj-c6f7-24x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29207", "GHSA-5wpj-c6f7-24x8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udmn-j2p9-xuez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102207?format=api", "vulnerability_id": "VCID-uhxa-me3d-sbhj", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35970" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35970", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35970" }, { "reference_url": "https://github.com/advisories/GHSA-g35r-369w-3fqp", "reference_id": "GHSA-g35r-369w-3fqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g35r-369w-3fqp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35970", "GHSA-g35r-369w-3fqp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uhxa-me3d-sbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102233?format=api", "vulnerability_id": "VCID-urkj-g83d-xkh8", "summary": "TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36001" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:40Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36001" }, { "reference_url": "https://github.com/advisories/GHSA-jqm7-m5q7-3hm5", "reference_id": "GHSA-jqm7-m5q7-3hm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jqm7-m5q7-3hm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36001", "GHSA-jqm7-m5q7-3hm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urkj-g83d-xkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102174?format=api", "vulnerability_id": "VCID-uucj-un2y-h7h8", "summary": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17613", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17646", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29201" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:35Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201" }, { "reference_url": "https://github.com/advisories/GHSA-pqhm-4wvf-2jg8", "reference_id": "GHSA-pqhm-4wvf-2jg8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqhm-4wvf-2jg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26609?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124y-9kpj-p7aj" }, { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1fjg-c139-1yf1" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1m8h-cgum-nkd2" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-23fs-9e1j-tbdu" }, { "vulnerability": "VCID-34ue-dphj-8ka5" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-3dgz-dzdx-8kgz" }, { "vulnerability": "VCID-3ev9-u7cm-tbct" }, { "vulnerability": "VCID-3jab-qtww-47eq" }, { "vulnerability": "VCID-3rtn-hnmg-dugs" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-4632-rf32-xfgg" }, { "vulnerability": "VCID-4gct-hv2n-8fes" }, { "vulnerability": "VCID-5qdx-9g76-3ugr" }, { "vulnerability": "VCID-5r5f-1mgp-x3hh" }, { "vulnerability": "VCID-63yf-6n3f-uugw" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6fzx-5d86-fqcg" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-7qsc-g2q6-yyev" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-9tbn-pjhn-5bdk" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-a5ey-dfsw-vfaz" }, { "vulnerability": "VCID-ac5u-fzwq-k3bk" }, { "vulnerability": "VCID-adbe-gm2b-g7h4" }, { "vulnerability": "VCID-an2q-1spn-gfgz" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-b6g8-7vy6-gqh7" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-budt-6suv-87fk" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cnnv-k1mq-bycd" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d1xg-zvu2-pfcf" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eqjg-vnm4-pbgx" }, { "vulnerability": "VCID-eqp9-vbjw-uye1" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-f85h-49x9-7qdw" }, { "vulnerability": "VCID-g5du-95mm-uqdv" }, { "vulnerability": "VCID-g5tz-zaxw-cfa2" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-gt24-f126-akej" }, { "vulnerability": "VCID-gv1k-p9qb-qug3" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-h9va-2q1u-nfeq" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-juat-vtcr-xbg3" }, { "vulnerability": "VCID-k3am-7v2s-xqb9" }, { "vulnerability": "VCID-kafn-vb69-tub3" }, { "vulnerability": "VCID-kb5d-pyxb-4fe9" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-mtkv-vxpu-m3fu" }, { "vulnerability": "VCID-njmm-n794-tqcr" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-nttr-e3uq-tbew" }, { "vulnerability": "VCID-ppev-q19c-jfcd" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-q8m1-bjce-67bd" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-raep-npkq-b3fx" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-sevq-49gc-k3eh" }, { "vulnerability": "VCID-shq8-1n4y-vkc5" }, { "vulnerability": "VCID-t2dj-e6dk-m7f2" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-uhxa-me3d-sbhj" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-urkj-g83d-xkh8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vpg8-m282-bbfb" }, { "vulnerability": "VCID-vtgx-x9t1-eyb1" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w316-z2dk-sbdy" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-wvbd-6s6n-fqdz" }, { "vulnerability": "VCID-x2hf-a9qm-t3du" }, { "vulnerability": "VCID-x7s3-qyrt-mbat" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-xuzj-9346-tuf3" }, { "vulnerability": "VCID-ybth-xfxp-c7fu" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" }, { "vulnerability": "VCID-zfqe-wftj-nke3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" } ], "aliases": [ "CVE-2022-29201", "GHSA-pqhm-4wvf-2jg8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uucj-un2y-h7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102232?format=api", "vulnerability_id": "VCID-vpg8-m282-bbfb", "summary": "TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22705", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36000" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36000", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36000" }, { "reference_url": "https://github.com/advisories/GHSA-fqxc-pvf8-2w9v", "reference_id": "GHSA-fqxc-pvf8-2w9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqxc-pvf8-2w9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36000", "GHSA-fqxc-pvf8-2w9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpg8-m282-bbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102242?format=api", "vulnerability_id": "VCID-vtgx-x9t1-eyb1", "summary": "TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36015" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36015", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36015" }, { "reference_url": "https://github.com/advisories/GHSA-rh87-q4vg-m45j", "reference_id": "GHSA-rh87-q4vg-m45j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rh87-q4vg-m45j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36015", "GHSA-rh87-q4vg-m45j" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtgx-x9t1-eyb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102217?format=api", "vulnerability_id": "VCID-w316-z2dk-sbdy", "summary": "TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35985" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:00Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:00Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35985", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35985" }, { "reference_url": "https://github.com/advisories/GHSA-9942-r22v-78cp", "reference_id": "GHSA-9942-r22v-78cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9942-r22v-78cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35985", "GHSA-9942-r22v-78cp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w316-z2dk-sbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102195?format=api", "vulnerability_id": "VCID-wvbd-6s6n-fqdz", "summary": "TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.4076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40838", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35940" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:04Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35940" }, { "reference_url": "https://github.com/advisories/GHSA-x989-q2pq-4q5x", "reference_id": "GHSA-x989-q2pq-4q5x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x989-q2pq-4q5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35940", "GHSA-x989-q2pq-4q5x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvbd-6s6n-fqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102229?format=api", "vulnerability_id": "VCID-x2hf-a9qm-t3du", "summary": "TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.148", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14842", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14882", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14886", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35997" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35997", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35997" }, { "reference_url": "https://github.com/advisories/GHSA-p7hr-f446-x6qf", "reference_id": "GHSA-p7hr-f446-x6qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7hr-f446-x6qf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35997", "GHSA-p7hr-f446-x6qf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hf-a9qm-t3du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102225?format=api", "vulnerability_id": "VCID-x7s3-qyrt-mbat", "summary": "TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35993" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35993", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35993" }, { "reference_url": "https://github.com/advisories/GHSA-wq6q-6m32-9rv9", "reference_id": "GHSA-wq6q-6m32-9rv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq6q-6m32-9rv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35993", "GHSA-wq6q-6m32-9rv9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7s3-qyrt-mbat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102209?format=api", "vulnerability_id": "VCID-xuzj-9346-tuf3", "summary": "TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20176", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20216", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35972" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35972", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35972" }, { "reference_url": "https://github.com/advisories/GHSA-4pc4-m9mj-v2r9", "reference_id": "GHSA-4pc4-m9mj-v2r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pc4-m9mj-v2r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35972", "GHSA-4pc4-m9mj-v2r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xuzj-9346-tuf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102245?format=api", "vulnerability_id": "VCID-ybth-xfxp-c7fu", "summary": "TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33087", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33125", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36018" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:58:46Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36018", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36018" }, { "reference_url": "https://github.com/advisories/GHSA-m6cv-4fmf-66xf", "reference_id": "GHSA-m6cv-4fmf-66xf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6cv-4fmf-66xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-36018", "GHSA-m6cv-4fmf-66xf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybth-xfxp-c7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102226?format=api", "vulnerability_id": "VCID-zfqe-wftj-nke3", "summary": "TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35994" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770" }, { "reference_url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994" }, { "reference_url": "https://github.com/advisories/GHSA-fhfc-2q7x-929f", "reference_id": "GHSA-fhfc-2q7x-929f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhfc-2q7x-929f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26602?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-d3k4-z4f1-hfhy" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hcud-kg7b-zyhx" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-pw2j-ex1f-wkgd" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/145405?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/145406?format=api", "purl": "pkg:pypi/tensorflow-gpu@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b48-dfec-4ycn" }, { "vulnerability": "VCID-1jte-hpg7-gydx" }, { "vulnerability": "VCID-1xee-v43t-c7c4" }, { "vulnerability": "VCID-36ey-jnev-qqf8" }, { "vulnerability": "VCID-37j3-cnw5-4fch" }, { "vulnerability": "VCID-42t9-hpd3-hufy" }, { "vulnerability": "VCID-6aey-qzrr-9qdk" }, { "vulnerability": "VCID-6f4y-m6ca-nyf6" }, { "vulnerability": "VCID-6yy3-r6mh-j3e8" }, { "vulnerability": "VCID-71dj-4wgv-dkfa" }, { "vulnerability": "VCID-8nt4-mp8z-b3et" }, { "vulnerability": "VCID-a2bj-bk9e-7fdw" }, { "vulnerability": "VCID-b31k-j7yk-muhz" }, { "vulnerability": "VCID-bmq7-ywhj-w3ap" }, { "vulnerability": "VCID-c1qd-61t7-2fe3" }, { "vulnerability": "VCID-cvdm-ubbq-63ew" }, { "vulnerability": "VCID-dftm-vs4w-kfag" }, { "vulnerability": "VCID-dvpe-15m7-puh4" }, { "vulnerability": "VCID-e8a2-ny5z-73au" }, { "vulnerability": "VCID-ekmw-8ekq-1bfq" }, { "vulnerability": "VCID-eseh-ekjx-yffk" }, { "vulnerability": "VCID-ev9c-cxzc-p7hb" }, { "vulnerability": "VCID-ghqz-dfeq-rygz" }, { "vulnerability": "VCID-h18h-987d-q7he" }, { "vulnerability": "VCID-hm4p-s6xd-8uf5" }, { "vulnerability": "VCID-j7jy-3r33-x7fy" }, { "vulnerability": "VCID-kzhb-zzzm-ebe1" }, { "vulnerability": "VCID-mj52-z2qy-4bd8" }, { "vulnerability": "VCID-nn1z-3z62-5fby" }, { "vulnerability": "VCID-q2hk-yjnj-jbfb" }, { "vulnerability": "VCID-qh3y-aeak-u3hg" }, { "vulnerability": "VCID-rdtn-n88f-pqas" }, { "vulnerability": "VCID-rh99-4vre-gfde" }, { "vulnerability": "VCID-scvf-p5ff-c3df" }, { "vulnerability": "VCID-tuqw-n8ka-jfht" }, { "vulnerability": "VCID-upnq-6wx8-gug8" }, { "vulnerability": "VCID-v68f-q5vf-wkf5" }, { "vulnerability": "VCID-vxm3-72uk-zbb8" }, { "vulnerability": "VCID-w5vq-nwu5-pken" }, { "vulnerability": "VCID-wdks-wa1n-ckhx" }, { "vulnerability": "VCID-xej2-7wvk-xuec" }, { "vulnerability": "VCID-yrtd-47vc-muff" }, { "vulnerability": "VCID-yy9b-ymk2-5kea" }, { "vulnerability": "VCID-zc2s-1rty-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.1" } ], "aliases": [ "CVE-2022-35994", "GHSA-fhfc-2q7x-929f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfqe-wftj-nke3" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.7.2" }