Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/64391?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "type": "pypi", "namespace": "", "name": "tensorflow-cpu", "version": "2.11.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.1", "latest_non_vulnerable_version": "2.12.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55592?format=api", "vulnerability_id": "VCID-37j3-cnw5-4fch", "summary": "TensorFlow has segfault in array_ops.upper_bound\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11156", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1127", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11278", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33976" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976", "reference_id": "CVE-2023-33976", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33976" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-xx4r-x345" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345", "reference_id": "GHSA-gjh7-xx4r-x345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82284?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.12.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.12.1" } ], "aliases": [ "CVE-2023-33976", "GHSA-gjh7-xx4r-x345" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44733?format=api", "vulnerability_id": "VCID-1jte-hpg7-gydx", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25669" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25669" }, { "reference_url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcf8-g8jv-vg6p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "reference_id": "GHSA-rcf8-g8jv-vg6p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25669", "GHSA-rcf8-g8jv-vg6p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44739?format=api", "vulnerability_id": "VCID-36ey-jnev-qqf8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17056", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17135", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1717", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17174", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25666" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25666" }, { "reference_url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f637-vh3r-vfh2" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", "reference_id": "GHSA-f637-vh3r-vfh2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25666", "GHSA-f637-vh3r-vfh2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44751?format=api", "vulnerability_id": "VCID-6f4y-m6ca-nyf6", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42974", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4301", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4303", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43022", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25663" }, { "reference_url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-64jg-wjww-7c5w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", "reference_id": "GHSA-64jg-wjww-7c5w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25663", "GHSA-64jg-wjww-7c5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44736?format=api", "vulnerability_id": "VCID-6yy3-r6mh-j3e8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31211", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31243", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31278", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31312", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25665" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25665" }, { "reference_url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-558h-mq8x-7q9g" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", "reference_id": "GHSA-558h-mq8x-7q9g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25665", "GHSA-558h-mq8x-7q9g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44752?format=api", "vulnerability_id": "VCID-8nt4-mp8z-b3et", "summary": "Double Free\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25112", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2517", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801" }, { "reference_url": "https://github.com/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f49c-87jh-g47q" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", "reference_id": "GHSA-f49c-87jh-g47q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25801", "GHSA-f49c-87jh-g47q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=api", "vulnerability_id": "VCID-b31k-j7yk-muhz", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81228", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81251", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81255", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81258", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81256", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25668" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25668" }, { "reference_url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gw97-ff7c-9v96" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "reference_id": "GHSA-gw97-ff7c-9v96", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25668", "GHSA-gw97-ff7c-9v96" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44743?format=api", "vulnerability_id": "VCID-c1qd-61t7-2fe3", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43605", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43639", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43663", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25667" }, { "reference_url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqm2-gh8w-gr68" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", "reference_id": "GHSA-fqm2-gh8w-gr68", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25667", "GHSA-fqm2-gh8w-gr68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=api", "vulnerability_id": "VCID-cvdm-ubbq-63ew", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47245", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25660" }, { "reference_url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjqc-vqcf-5qvj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", "reference_id": "GHSA-qjqc-vqcf-5qvj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25660", "GHSA-qjqc-vqcf-5qvj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44746?format=api", "vulnerability_id": "VCID-dftm-vs4w-kfag", "summary": "Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25568", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25674", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25683", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25664" }, { "reference_url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hg6-5c2q-7rcr" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", "reference_id": "GHSA-6hg6-5c2q-7rcr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25664", "GHSA-6hg6-5c2q-7rcr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44731?format=api", "vulnerability_id": "VCID-ev9c-cxzc-p7hb", "summary": "Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35456", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35485", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35524", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35562", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25662" }, { "reference_url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jvm-xxmr-v5cw" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", "reference_id": "GHSA-7jvm-xxmr-v5cw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25662", "GHSA-7jvm-xxmr-v5cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44741?format=api", "vulnerability_id": "VCID-h18h-987d-q7he", "summary": "Incorrect Comparison\nTensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27579" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27579" }, { "reference_url": "https://github.com/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w96-866f-6rm8" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "reference_id": "GHSA-5w96-866f-6rm8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-27579", "GHSA-5w96-866f-6rm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44750?format=api", "vulnerability_id": "VCID-j7jy-3r33-x7fy", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60426", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60443", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60454", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60451", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25674" }, { "reference_url": "https://github.com/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf97-q72m-7579" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", "reference_id": "GHSA-gf97-q72m-7579", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25674", "GHSA-gf97-q72m-7579" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44755?format=api", "vulnerability_id": "VCID-jswv-zqu6-efee", "summary": "TensorFlow Denial of Service vulnerability\n### Impact\nA malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack.\nTo minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed in real-world systems. However, if we call the model with a malicious input which has a zero dimension, it gives Check Failed failure and crashes.\n```python\nimport tensorflow as tf\n\nclass MyModel(tf.keras.Model):\n def __init__(self):\n super().__init__()\n self.conv = tf.keras.layers.Convolution3DTranspose(2, [3,3,3], padding=\"same\")\n \n def call(self, input):\n return self.conv(input)\nmodel = MyModel() # Defines a valid model.\n\nx = tf.random.uniform([1, 32, 32, 32, 3], minval=0, maxval=0, dtype=tf.float32) # This is a valid input.\noutput = model.predict(x)\nprint(output.shape) # (1, 32, 32, 32, 2)\n\nx = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) # This is an invalid input.\noutput = model(x) # crash\n```\nThis Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services.\n\n### Patches\nWe have patched the issue in\n- GitHub commit [948fe6369a5711d4b4568ea9bbf6015c6dfb77e2](https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2)\n - GitHub commit [85db5d07db54b853484bfd358c3894d948c36baf](https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf). \n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n ### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37103", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.3704", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37079", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37111", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37012", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25661" }, { "reference_url": "https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25661", "reference_id": "CVE-2023-25661", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25661" }, { "reference_url": "https://github.com/advisories/GHSA-fxgc-95xx-grvq", "reference_id": "GHSA-fxgc-95xx-grvq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxgc-95xx-grvq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", "reference_id": "GHSA-fxgc-95xx-grvq", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25661", "GHSA-fxgc-95xx-grvq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jswv-zqu6-efee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44749?format=api", "vulnerability_id": "VCID-mj52-z2qy-4bd8", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28126", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28063", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28107", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28147", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28197", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25672" }, { "reference_url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94mm-g2mv-8p7r" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r", "reference_id": "GHSA-94mm-g2mv-8p7r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25672", "GHSA-94mm-g2mv-8p7r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44734?format=api", "vulnerability_id": "VCID-mkr8-shuu-1qhk", "summary": "Out-of-bounds Write\nTensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55192", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55213", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55211", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25671" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25671", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25671" }, { "reference_url": "https://github.com/advisories/GHSA-j5w9-hmfh-4cr6", "reference_id": "GHSA-j5w9-hmfh-4cr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5w9-hmfh-4cr6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", "reference_id": "GHSA-j5w9-hmfh-4cr6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25671", "GHSA-j5w9-hmfh-4cr6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkr8-shuu-1qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44748?format=api", "vulnerability_id": "VCID-q2hk-yjnj-jbfb", "summary": "NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47245", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25676" }, { "reference_url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6wfh-89q8-44jq" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "reference_id": "GHSA-6wfh-89q8-44jq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25676", "GHSA-6wfh-89q8-44jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44737?format=api", "vulnerability_id": "VCID-qh3y-aeak-u3hg", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.4248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42502", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42537", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42564", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42554", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25659" }, { "reference_url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93vr-9q9m-pj8p" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", "reference_id": "GHSA-93vr-9q9m-pj8p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25659", "GHSA-93vr-9q9m-pj8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44732?format=api", "vulnerability_id": "VCID-upnq-6wx8-gug8", "summary": "Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51571", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51583", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51616", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51637", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51631", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25673" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25673" }, { "reference_url": "https://github.com/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-647v-r7qq-24fh" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh", "reference_id": "GHSA-647v-r7qq-24fh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25673", "GHSA-647v-r7qq-24fh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44742?format=api", "vulnerability_id": "VCID-v68f-q5vf-wkf5", "summary": "Incorrect Comparison\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4282", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42857", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42881", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4287", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25675" }, { "reference_url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x4v-9gxg-9hwj" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "reference_id": "GHSA-7x4v-9gxg-9hwj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25675", "GHSA-7x4v-9gxg-9hwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44738?format=api", "vulnerability_id": "VCID-w5vq-nwu5-pken", "summary": "NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47226", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47245", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47275", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47293", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25670" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25670" }, { "reference_url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49rq-hwc3-x77w" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", "reference_id": "GHSA-49rq-hwc3-x77w", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25670", "GHSA-49rq-hwc3-x77w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44735?format=api", "vulnerability_id": "VCID-xej2-7wvk-xuec", "summary": "Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1692", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17037", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17042", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/tensorflow/tensorflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tensorflow/tensorflow" }, { "reference_url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25658" }, { "reference_url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68v3-g9cm-rmm6" }, { "reference_url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "reference_id": "GHSA-68v3-g9cm-rmm6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/" } ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64391?format=api", "purl": "pkg:pypi/tensorflow-cpu@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37j3-cnw5-4fch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" } ], "aliases": [ "CVE-2023-25658", "GHSA-68v3-g9cm-rmm6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1" }