Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/tensorflow-gpu@2.7.4
purl pkg:pypi/tensorflow-gpu@2.7.4
Next non-vulnerable version 2.8.1
Latest non-vulnerable version 2.10.1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-ffkg-sa3q-8qfq
Aliases:
BIT-tensorflow-2022-23592
CVE-2022-23592
GHSA-vq36-27g6-p492
PYSEC-2022-101
PYSEC-2022-156
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
2.8.0
Affected by 81 other vulnerabilities.
VCID-uyv6-cmed-a7c3
Aliases:
BIT-tensorflow-2022-23593
CVE-2022-23593
GHSA-gwcx-jrx4-92w2
PYSEC-2022-102
PYSEC-2022-157
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
2.8.0
Affected by 81 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-ux3x-2756-n3av CVE-2022-41885
GHSA-762h-vpvw-3rcx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T11:24:25.591773+00:00 GithubOSV Importer Fixing VCID-ux3x-2756-n3av https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-762h-vpvw-3rcx/GHSA-762h-vpvw-3rcx.json 38.6.0
2026-05-31T09:43:56.210704+00:00 PyPI Importer Affected by VCID-uyv6-cmed-a7c3 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:43:52.774071+00:00 PyPI Importer Affected by VCID-ffkg-sa3q-8qfq https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T01:01:22.565144+00:00 GHSA Importer Fixing VCID-ux3x-2756-n3av https://github.com/advisories/GHSA-762h-vpvw-3rcx 38.6.0