VulnerableCode Package Details - pkg:pypi/tensorflow-cpu@1.7.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fjh5-fxj2-e3ap	Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).	CVE-2018-8825 GHSA-frxx-2m33-6wcr PYSEC-2019-208 PYSEC-2019-226 PYSEC-2019-233
VCID-q81h-cm4m-93c9	Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.	CVE-2018-7577 GHSA-qx2v-j445-g354 PYSEC-2019-207 PYSEC-2019-225 PYSEC-2019-232
VCID-qcq3-q226-u7gn	Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.	CVE-2018-7575 GHSA-mw6v-crh8-8533 PYSEC-2019-205 PYSEC-2019-223 PYSEC-2019-230
VCID-vwuk-11fn-ake8	Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.	CVE-2018-10055 GHSA-q492-f7gr-27rp PYSEC-2019-204 PYSEC-2019-222 PYSEC-2019-229

Vulnerability

Summary

Aliases

VCID-fjh5-fxj2-e3ap

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).

CVE-2018-8825
GHSA-frxx-2m33-6wcr
PYSEC-2019-208
PYSEC-2019-226
PYSEC-2019-233

VCID-q81h-cm4m-93c9

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.

CVE-2018-7577
GHSA-qx2v-j445-g354
PYSEC-2019-207
PYSEC-2019-225
PYSEC-2019-232

VCID-qcq3-q226-u7gn

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.

CVE-2018-7575
GHSA-mw6v-crh8-8533
PYSEC-2019-205
PYSEC-2019-223
PYSEC-2019-230

VCID-vwuk-11fn-ake8

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

CVE-2018-10055
GHSA-q492-f7gr-27rp
PYSEC-2019-204
PYSEC-2019-222
PYSEC-2019-229

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:05:40.907121+00:00	Pypa Importer	Fixing	VCID-qcq3-q226-u7gn	https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2019-223.yaml	38.6.0
2026-06-02T04:05:40.815835+00:00	Pypa Importer	Fixing	VCID-vwuk-11fn-ake8	https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2019-222.yaml	38.6.0
2026-06-02T04:05:40.614257+00:00	Pypa Importer	Fixing	VCID-q81h-cm4m-93c9	https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2019-225.yaml	38.6.0
2026-06-02T04:05:39.592886+00:00	Pypa Importer	Fixing	VCID-fjh5-fxj2-e3ap	https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2019-226.yaml	38.6.0