Search for packages
| purl | pkg:pypi/tensorflow-gpu@2.8.0rc1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d3k4-z4f1-hfhy
Aliases: CVE-2022-23592 GHSA-vq36-27g6-p492 PYSEC-2022-101 PYSEC-2022-156 |
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
Affected by 0 other vulnerabilities. |
|
VCID-hcud-kg7b-zyhx
Aliases: CVE-2022-23593 GHSA-gwcx-jrx4-92w2 PYSEC-2022-102 PYSEC-2022-157 |
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:16:46.777499+00:00 | Pypa Importer | Affected by | VCID-hcud-kg7b-zyhx | https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml | 38.6.0 |
| 2026-06-02T04:16:45.807084+00:00 | Pypa Importer | Affected by | VCID-d3k4-z4f1-hfhy | https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml | 38.6.0 |