Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/tensorflow@2.6.4
purl pkg:pypi/tensorflow@2.6.4
Next non-vulnerable version 2.12.1
Latest non-vulnerable version 2.12.1
Risk 4.5
Vulnerabilities affecting this package (80)
Vulnerability Summary Fixed by
VCID-18pt-kr33-2yer
Aliases:
CVE-2023-25672
GHSA-94mm-g2mv-8p7r
2.11.1
Affected by 8 other vulnerabilities.
VCID-1g5k-pk73-xuag
Aliases:
CVE-2023-25665
GHSA-558h-mq8x-7q9g
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-2bhy-rya4-g3ag
Aliases:
CVE-2022-36026
GHSA-9cr2-8pwr-fhfq
TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-3f8t-3shh-4yd3
Aliases:
CVE-2023-33976
GHSA-gjh7-xx4r-x345
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
2.12.1
Affected by 0 other vulnerabilities.
VCID-3kpb-9uen-27he
Aliases:
CVE-2022-35991
GHSA-vm7x-4qhj-rrcq
TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-3muc-6x8b-kfb7
Aliases:
CVE-2022-35996
GHSA-q5jv-m6qw-5g37
TensorFlow vulnerable to floating point exception in `Conv2D`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-3q2y-wpjf-5fe4
Aliases:
CVE-2022-35988
GHSA-9vqj-64pv-w55c
TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-43qh-mkdk-8qdg
Aliases:
CVE-2022-41886
GHSA-54pp-c6pp-7fpx
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-4r56-jkdr-6bg5
Aliases:
CVE-2022-35985
GHSA-9942-r22v-78cp
TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-4ugk-p8g3-wudu
Aliases:
CVE-2022-35983
GHSA-m6vp-8q9j-whx4
TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-4yvv-9g6x-efgz
Aliases:
CVE-2022-36019
GHSA-9j4v-pp28-mxv7
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-5cnm-j98n-2ucq
Aliases:
CVE-2022-35998
GHSA-qhw4-wwr7-gjc5
TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-5ex3-kg4t-w3d4
Aliases:
CVE-2022-35986
GHSA-wr9v-g9vf-c74v
TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-5gxh-jraz-qqgt
Aliases:
CVE-2022-41901
GHSA-g9fm-r5mm-rf9f
`CHECK_EQ` fail via input in `SparseMatrixNNZ`
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-6bnz-371j-guax
Aliases:
CVE-2022-35995
GHSA-g9h5-vr8m-x2h4
TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-6d3g-yrc1-skgp
Aliases:
CVE-2022-41891
GHSA-66vq-54fq-6jvv
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-6d4y-v122-pffp
Aliases:
CVE-2023-25669
GHSA-rcf8-g8jv-vg6p
2.11.1
Affected by 8 other vulnerabilities.
VCID-6ujk-5hn7-g7dj
Aliases:
CVE-2023-25801
GHSA-f49c-87jh-g47q
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-774w-x7x9-8kdb
Aliases:
CVE-2022-36005
GHSA-r26c-679w-mrjm
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-7yn3-qktg-17fv
Aliases:
CVE-2022-36013
GHSA-828c-5j5q-vrjq
TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-89g9-7u28-s3hw
Aliases:
CVE-2022-35997
GHSA-p7hr-f446-x6qf
TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-8mbh-74v8-57bn
Aliases:
CVE-2022-41889
GHSA-xxcj-rhqg-m46g
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-8sbz-f5av-gkgh
Aliases:
CVE-2022-35982
GHSA-397c-5g2j-qxpv
TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-9f7c-q4z8-akd7
Aliases:
CVE-2022-36003
GHSA-cv2p-32v3-vhwq
TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-aq4b-cxh4-pqgy
Aliases:
CVE-2023-25658
GHSA-68v3-g9cm-rmm6
2.11.1
Affected by 8 other vulnerabilities.
VCID-cp1r-46ub-8yg8
Aliases:
CVE-2023-25660
GHSA-qjqc-vqcf-5qvj
2.11.1
Affected by 8 other vulnerabilities.
VCID-cs1n-e4ng-wbhu
Aliases:
CVE-2022-41908
GHSA-mv77-9g28-cwg3
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-css2-4pa4-87gx
Aliases:
CVE-2023-25663
GHSA-64jg-wjww-7c5w
2.11.1
Affected by 8 other vulnerabilities.
VCID-cuak-225n-4fc5
Aliases:
CVE-2022-36015
GHSA-rh87-q4vg-m45j
TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-cy8p-kwfp-dfdz
Aliases:
CVE-2022-35981
GHSA-vxv8-r8q2-63xw
TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-dgzu-rtcf-sfdc
Aliases:
CVE-2022-36017
GHSA-wqmc-pm8c-2jhc
TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-esen-w1rc-73du
Aliases:
CVE-2023-25674
GHSA-gf97-q72m-7579
2.11.1
Affected by 8 other vulnerabilities.
VCID-f186-75wf-3bd5
Aliases:
CVE-2023-25664
GHSA-6hg6-5c2q-7rcr
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-f522-fb48-b3gc
Aliases:
CVE-2022-41888
GHSA-6x99-gv2v-q76v
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-fujj-xc7u-ducv
Aliases:
CVE-2023-25673
GHSA-647v-r7qq-24fh
2.11.1
Affected by 8 other vulnerabilities.
VCID-gkxw-ufq4-2ffz
Aliases:
CVE-2022-41896
GHSA-rmg2-f698-wq35
TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-hp3e-kt3d-ykfr
Aliases:
CVE-2023-25670
GHSA-49rq-hwc3-x77w
2.11.1
Affected by 8 other vulnerabilities.
VCID-hs24-1u1m-7qbh
Aliases:
CVE-2022-36002
GHSA-mh3m-62v7-68xg
TensorFlow vulnerable to `CHECK` fail in `Unbatch`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-j4sc-7ycd-vkc4
Aliases:
CVE-2022-41900
GHSA-xvwp-h6jv-7472
FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-jb5e-3br8-nyau
Aliases:
CVE-2022-35990
GHSA-h7ff-cfc9-wmmh
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-jc4n-4jfy-x7ez
Aliases:
CVE-2023-25668
GHSA-gw97-ff7c-9v96
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-jg52-1he8-muhq
Aliases:
CVE-2022-35999
GHSA-37jf-mjv6-xfqw
TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-jhgz-re77-hkf5
Aliases:
CVE-2022-41884
GHSA-jq6x-99hj-q636
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-jw7z-91u8-23b4
Aliases:
CVE-2022-35994
GHSA-fhfc-2q7x-929f
TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-k3fc-akkc-eyce
Aliases:
CVE-2022-35984
GHSA-p2xf-8hgm-hpw5
TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-mjz8-5aee-8bhn
Aliases:
CVE-2023-25662
GHSA-7jvm-xxmr-v5cw
2.11.1
Affected by 8 other vulnerabilities.
VCID-nktb-w1uc-zygy
Aliases:
CVE-2022-36016
GHSA-g468-qj8g-vcjc
TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-p36a-eb5k-rqgu
Aliases:
CVE-2023-25667
GHSA-fqm2-gh8w-gr68
2.11.1
Affected by 8 other vulnerabilities.
VCID-pgc2-gukr-r3dg
Aliases:
CVE-2022-36014
GHSA-7j3m-8g3c-9qqq
TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-pmvu-stzf-eqet
Aliases:
CVE-2022-35979
GHSA-v7vw-577f-vp8x
TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-pr47-unnv-d7a9
Aliases:
CVE-2023-27579
GHSA-5w96-866f-6rm8
2.11.1
Affected by 8 other vulnerabilities.
VCID-q17s-hqkj-kkht
Aliases:
CVE-2022-36000
GHSA-fqxc-pvf8-2w9v
TensorFlow vulnerable to null dereference on MLIR on empty function attributes
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-r7qz-zsk3-sqaq
Aliases:
CVE-2022-41911
GHSA-pf36-r9c6-h97j
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-rasj-1k6m-1yce
Aliases:
CVE-2022-35989
GHSA-j43h-pgmg-5hjq
TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-rcpp-92gk-6ybv
Aliases:
CVE-2022-41894
GHSA-h6q3-vv32-2cq5
TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-se4m-gfvh-sbds
Aliases:
CVE-2022-41890
GHSA-h246-cgh4-7475
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-skd4-mkp3-ukef
Aliases:
CVE-2022-41880
GHSA-8w5g-3wcv-9g2j
TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-swe6-wcg7-5bgw
Aliases:
CVE-2022-35993
GHSA-wq6q-6m32-9rv9
TensorFlow vulnerable to `CHECK` fail in `SetSize`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-t8ye-2bn9-qkg1
Aliases:
CVE-2022-36001
GHSA-jqm7-m5q7-3hm5
TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-tn91-effk-ukcs
Aliases:
CVE-2022-41898
GHSA-hq7g-wwwp-q46h
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-tyjm-zqv9-gbft
Aliases:
CVE-2022-35987
GHSA-w62h-8xjm-fv49
TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-unkw-ckgc-yqgv
Aliases:
CVE-2022-41897
GHSA-f2w8-jw48-fr7j
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-v1bb-9jk5-9kfw
Aliases:
CVE-2023-25675
GHSA-7x4v-9gxg-9hwj
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-ve91-saat-hkeb
Aliases:
CVE-2023-25666
GHSA-f637-vh3r-vfh2
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-vsep-b318-4ffr
Aliases:
CVE-2022-36004
GHSA-mv8m-8x97-937q
TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-w66u-chbb-j3dr
Aliases:
CVE-2022-36027
GHSA-79h2-q768-fpxr
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-wbyv-qzpx-ebfk
Aliases:
CVE-2022-36011
GHSA-fv43-93gv-vm8f
TensorFlow vulnerable to null dereference on MLIR on empty function attributes
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-x2kn-8qsj-pbcs
Aliases:
CVE-2022-41909
GHSA-rjx6-v474-2ch9
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-xcqn-waa9-bkc3
Aliases:
CVE-2022-41907
GHSA-368v-7v32-52fx
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-xcst-tzxn-zfhm
Aliases:
CVE-2023-25676
GHSA-6wfh-89q8-44jq
2.11.1
Affected by 8 other vulnerabilities.
2.12.0
Affected by 1 other vulnerability.
VCID-xdz6-dgwj-sbgz
Aliases:
CVE-2022-41893
GHSA-67pf-62xr-q35m
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-xvbp-vvex-wqhd
Aliases:
CVE-2023-25661
GHSA-fxgc-95xx-grvq
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.
2.11.1
Affected by 8 other vulnerabilities.
VCID-y2yd-5v7s-gqeg
Aliases:
CVE-2022-36018
GHSA-m6cv-4fmf-66xf
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-yjzz-juse-wydc
Aliases:
CVE-2022-41899
GHSA-27rc-728f-x5w2
TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-yxby-zjey-suga
Aliases:
CVE-2022-35992
GHSA-9v8w-xmr4-wgxp
TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-z8s1-q6s7-13ev
Aliases:
CVE-2022-36012
GHSA-jvhc-5hhr-w3v5
TensorFlow vulnerable to assertion fail on MLIR empty edge names
2.7.2
Affected by 44 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
VCID-zbsj-e2vm-rfbe
Aliases:
CVE-2022-41885
GHSA-762h-vpvw-3rcx
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
2.7.4
Affected by 42 other vulnerabilities.
2.8.1
Affected by 51 other vulnerabilities.
2.9.1
Affected by 46 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-zg4x-t8ft-x3fh
Aliases:
CVE-2022-41895
GHSA-gq2j-cr96-gvqx
`MirrorPadGrad` heap out of bounds read
2.8.4
Affected by 22 other vulnerabilities.
2.9.3
Affected by 22 other vulnerabilities.
2.10.1
Affected by 22 other vulnerabilities.
VCID-zpcr-vst7-v3e6
Aliases:
CVE-2023-25671
GHSA-j5w9-hmfh-4cr6
2.11.1
Affected by 8 other vulnerabilities.
VCID-zpxn-zz7d-k7d5
Aliases:
CVE-2023-25659
GHSA-93vr-9q9m-pj8p
2.11.1
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (24)
Vulnerability Summary Aliases
VCID-26bq-kxgk-zba5 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29201
GHSA-pqhm-4wvf-2jg8
VCID-2gju-dx21-gban TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29197
GHSA-hrg5-737c-2p56
VCID-3cnr-w5u6-fkf3 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29194
GHSA-h5g4-ppwx-48q2
VCID-7jnw-mvw8-qbcw TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29213
GHSA-5889-7v45-q28m
VCID-8h18-74sq-9uf1 `CHECK` failure in depthwise ops via overflows GHSA-mw6j-hh29-h379
GMS-2022-1528
GMS-2022-1532
GMS-2022-1536
VCID-8w84-59y3-6qgd TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29199
GHSA-p9rc-rmr5-529j
VCID-8ygv-ub5q-tug5 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29203
GHSA-jjm6-4vf7-cjh4
VCID-93t7-y91d-2fds TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29196
GHSA-5v77-j66x-4c4g
VCID-9egf-vt4b-mkfe TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29202
GHSA-cwpm-f78v-7m5c
VCID-bd7h-dc5y-ybhx TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29204
GHSA-hx9q-2mx4-m4pg
VCID-f3tp-9q7p-7ycd TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29208
GHSA-2r2f-g8mw-9gvr
VCID-gdrm-e3tn-z3hk TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29192
GHSA-h2wq-prv9-2f56
VCID-jwbd-47ef-xqa1 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29209
GHSA-f4rr-5m7v-wxcw
VCID-kzzh-afnu-dqef TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. CVE-2022-29216
GHSA-75c9-jrh4-79mc
VCID-ryrd-4pn5-4ugh TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29205
GHSA-54ch-gjq5-4976
VCID-t5p3-jcbx-hfg7 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29211
GHSA-xrp2-fhq4-4q3w
VCID-v2r1-wbmd-d7a1 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29198
GHSA-mg66-qvc5-rm93
VCID-vg3v-hjcr-uqc9 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29193
GHSA-2p9q-h29j-3f5v
VCID-vw5d-2grk-fufy TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29200
GHSA-2vv3-56qg-g2cf
VCID-w4fy-epnu-5qhr TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29195
GHSA-h48f-q7rw-hvr7
VCID-w9te-1qez-xkbc TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29206
GHSA-rc9w-5c64-9vqq
VCID-wxuj-p9gb-hucm TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29212
GHSA-8wwm-6264-x792
VCID-xnxz-krts-vufk TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29207
GHSA-5wpj-c6f7-24x8
VCID-zhts-sben-buf6 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. CVE-2022-29191
GHSA-fv25-wrff-wf86

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-14T11:53:31.189991+00:00 GitLab Importer Fixing VCID-8h18-74sq-9uf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/GMS-2022-1528.yml 38.6.0
2026-06-14T00:58:16.718804+00:00 GHSA Importer Fixing VCID-vg3v-hjcr-uqc9 https://github.com/advisories/GHSA-2p9q-h29j-3f5v 38.6.0
2026-06-12T19:36:14.136095+00:00 GitLab Importer Affected by VCID-3f8t-3shh-4yd3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-33976.yml 38.6.0
2026-06-12T18:50:30.451430+00:00 GitLab Importer Affected by VCID-xvbp-vvex-wqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25661.yml 38.6.0
2026-06-12T18:50:29.347891+00:00 GitLab Importer Affected by VCID-zpcr-vst7-v3e6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25671.yml 38.6.0
2026-06-12T18:50:28.656666+00:00 GitLab Importer Affected by VCID-css2-4pa4-87gx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25663.yml 38.6.0
2026-06-12T18:50:27.950288+00:00 GitLab Importer Affected by VCID-6ujk-5hn7-g7dj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25801.yml 38.6.0
2026-06-12T18:50:27.270076+00:00 GitLab Importer Affected by VCID-6d4y-v122-pffp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25669.yml 38.6.0
2026-06-12T18:50:26.589895+00:00 GitLab Importer Affected by VCID-hp3e-kt3d-ykfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25670.yml 38.6.0
2026-06-12T18:50:25.902955+00:00 GitLab Importer Affected by VCID-pr47-unnv-d7a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-27579.yml 38.6.0
2026-06-12T18:50:25.215039+00:00 GitLab Importer Affected by VCID-p36a-eb5k-rqgu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25667.yml 38.6.0
2026-06-12T18:50:24.519045+00:00 GitLab Importer Affected by VCID-f186-75wf-3bd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25664.yml 38.6.0
2026-06-12T18:50:23.832618+00:00 GitLab Importer Affected by VCID-ve91-saat-hkeb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25666.yml 38.6.0
2026-06-12T18:50:23.144009+00:00 GitLab Importer Affected by VCID-jc4n-4jfy-x7ez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25668.yml 38.6.0
2026-06-12T18:50:22.457633+00:00 GitLab Importer Affected by VCID-xcst-tzxn-zfhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25676.yml 38.6.0
2026-06-12T18:50:21.766193+00:00 GitLab Importer Affected by VCID-fujj-xc7u-ducv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25673.yml 38.6.0
2026-06-12T18:50:21.042337+00:00 GitLab Importer Affected by VCID-v1bb-9jk5-9kfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25675.yml 38.6.0
2026-06-12T18:50:20.355961+00:00 GitLab Importer Affected by VCID-cp1r-46ub-8yg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25660.yml 38.6.0
2026-06-12T18:50:19.694345+00:00 GitLab Importer Affected by VCID-zpxn-zz7d-k7d5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25659.yml 38.6.0
2026-06-12T18:50:19.006252+00:00 GitLab Importer Affected by VCID-mjz8-5aee-8bhn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25662.yml 38.6.0
2026-06-12T18:50:18.314070+00:00 GitLab Importer Affected by VCID-1g5k-pk73-xuag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25665.yml 38.6.0
2026-06-12T18:50:17.644724+00:00 GitLab Importer Affected by VCID-18pt-kr33-2yer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25672.yml 38.6.0
2026-06-12T18:50:16.914205+00:00 GitLab Importer Affected by VCID-esen-w1rc-73du https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25674.yml 38.6.0
2026-06-12T18:50:16.187828+00:00 GitLab Importer Affected by VCID-aq4b-cxh4-pqgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2023-25658.yml 38.6.0
2026-06-12T18:40:22.061278+00:00 GitLab Importer Affected by VCID-skd4-mkp3-ukef https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41880.yml 38.6.0
2026-06-12T18:39:54.880712+00:00 GitLab Importer Affected by VCID-8mbh-74v8-57bn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41889.yml 38.6.0
2026-06-12T18:39:43.790811+00:00 GitLab Importer Affected by VCID-jhgz-re77-hkf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41884.yml 38.6.0
2026-06-12T18:39:43.100524+00:00 GitLab Importer Affected by VCID-5gxh-jraz-qqgt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41901.yml 38.6.0
2026-06-12T18:39:42.198641+00:00 GitLab Importer Affected by VCID-xcqn-waa9-bkc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41907.yml 38.6.0
2026-06-12T18:39:41.553258+00:00 GitLab Importer Affected by VCID-zbsj-e2vm-rfbe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41885.yml 38.6.0
2026-06-12T18:39:40.683659+00:00 GitLab Importer Affected by VCID-43qh-mkdk-8qdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41886.yml 38.6.0
2026-06-12T18:39:40.024457+00:00 GitLab Importer Affected by VCID-yjzz-juse-wydc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41899.yml 38.6.0
2026-06-12T18:39:39.327807+00:00 GitLab Importer Affected by VCID-rcpp-92gk-6ybv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41894.yml 38.6.0
2026-06-12T18:39:38.648921+00:00 GitLab Importer Affected by VCID-tn91-effk-ukcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41898.yml 38.6.0
2026-06-12T18:39:38.008585+00:00 GitLab Importer Affected by VCID-6d3g-yrc1-skgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41891.yml 38.6.0
2026-06-12T18:39:37.366053+00:00 GitLab Importer Affected by VCID-xdz6-dgwj-sbgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41893.yml 38.6.0
2026-06-12T18:39:36.708411+00:00 GitLab Importer Affected by VCID-se4m-gfvh-sbds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41890.yml 38.6.0
2026-06-12T18:39:36.058374+00:00 GitLab Importer Affected by VCID-zg4x-t8ft-x3fh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41895.yml 38.6.0
2026-06-12T18:39:35.397658+00:00 GitLab Importer Affected by VCID-f522-fb48-b3gc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41888.yml 38.6.0
2026-06-12T18:39:34.722281+00:00 GitLab Importer Affected by VCID-cs1n-e4ng-wbhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41908.yml 38.6.0
2026-06-12T18:39:33.827870+00:00 GitLab Importer Affected by VCID-unkw-ckgc-yqgv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41897.yml 38.6.0
2026-06-12T18:39:33.162472+00:00 GitLab Importer Affected by VCID-x2kn-8qsj-pbcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41909.yml 38.6.0
2026-06-12T18:39:32.506838+00:00 GitLab Importer Affected by VCID-j4sc-7ycd-vkc4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41900.yml 38.6.0
2026-06-12T18:39:31.823386+00:00 GitLab Importer Affected by VCID-r7qz-zsk3-sqaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41911.yml 38.6.0
2026-06-12T18:39:31.166225+00:00 GitLab Importer Affected by VCID-gkxw-ufq4-2ffz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-41896.yml 38.6.0
2026-06-12T18:33:11.969054+00:00 GitLab Importer Affected by VCID-nktb-w1uc-zygy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36016.yml 38.6.0
2026-06-12T18:33:03.493607+00:00 GitLab Importer Affected by VCID-swe6-wcg7-5bgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35993.yml 38.6.0
2026-06-12T18:33:01.377121+00:00 GitLab Importer Affected by VCID-tyjm-zqv9-gbft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35987.yml 38.6.0
2026-06-12T18:33:00.771729+00:00 GitLab Importer Affected by VCID-hs24-1u1m-7qbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36002.yml 38.6.0
2026-06-12T18:32:59.783453+00:00 GitLab Importer Affected by VCID-cy8p-kwfp-dfdz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35981.yml 38.6.0
2026-06-12T18:32:58.173569+00:00 GitLab Importer Affected by VCID-9f7c-q4z8-akd7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36003.yml 38.6.0
2026-06-12T18:32:55.261217+00:00 GitLab Importer Affected by VCID-jw7z-91u8-23b4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35994.yml 38.6.0
2026-06-12T18:32:54.301864+00:00 GitLab Importer Affected by VCID-774w-x7x9-8kdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36005.yml 38.6.0
2026-06-12T18:32:53.666412+00:00 GitLab Importer Affected by VCID-6bnz-371j-guax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35995.yml 38.6.0
2026-06-12T18:32:52.121287+00:00 GitLab Importer Affected by VCID-7yn3-qktg-17fv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36013.yml 38.6.0
2026-06-12T18:32:50.383763+00:00 GitLab Importer Affected by VCID-z8s1-q6s7-13ev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36012.yml 38.6.0
2026-06-12T18:32:49.781478+00:00 GitLab Importer Affected by VCID-cuak-225n-4fc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36015.yml 38.6.0
2026-06-12T18:32:49.150788+00:00 GitLab Importer Affected by VCID-3q2y-wpjf-5fe4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35988.yml 38.6.0
2026-06-12T18:32:46.000738+00:00 GitLab Importer Affected by VCID-w66u-chbb-j3dr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36027.yml 38.6.0
2026-06-12T18:32:45.095147+00:00 GitLab Importer Affected by VCID-k3fc-akkc-eyce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35984.yml 38.6.0
2026-06-12T18:32:43.954048+00:00 GitLab Importer Affected by VCID-2bhy-rya4-g3ag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36026.yml 38.6.0
2026-06-12T18:32:43.341568+00:00 GitLab Importer Affected by VCID-4yvv-9g6x-efgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36019.yml 38.6.0
2026-06-12T18:32:41.927502+00:00 GitLab Importer Affected by VCID-5cnm-j98n-2ucq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35998.yml 38.6.0
2026-06-12T18:32:39.053421+00:00 GitLab Importer Affected by VCID-t8ye-2bn9-qkg1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36001.yml 38.6.0
2026-06-12T18:32:35.820392+00:00 GitLab Importer Affected by VCID-jb5e-3br8-nyau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35990.yml 38.6.0
2026-06-12T18:32:33.550550+00:00 GitLab Importer Affected by VCID-yxby-zjey-suga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35992.yml 38.6.0
2026-06-12T18:32:32.575816+00:00 GitLab Importer Affected by VCID-3muc-6x8b-kfb7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35996.yml 38.6.0
2026-06-12T18:32:31.236626+00:00 GitLab Importer Affected by VCID-jg52-1he8-muhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35999.yml 38.6.0
2026-06-12T18:32:23.005630+00:00 GitLab Importer Affected by VCID-pmvu-stzf-eqet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35979.yml 38.6.0
2026-06-12T18:32:21.824387+00:00 GitLab Importer Affected by VCID-8sbz-f5av-gkgh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35982.yml 38.6.0
2026-06-12T18:32:18.811430+00:00 GitLab Importer Affected by VCID-y2yd-5v7s-gqeg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36018.yml 38.6.0
2026-06-12T18:32:17.105026+00:00 GitLab Importer Affected by VCID-rasj-1k6m-1yce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35989.yml 38.6.0
2026-06-12T18:32:15.554078+00:00 GitLab Importer Affected by VCID-dgzu-rtcf-sfdc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36017.yml 38.6.0
2026-06-12T18:32:14.250910+00:00 GitLab Importer Affected by VCID-4r56-jkdr-6bg5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35985.yml 38.6.0
2026-06-12T18:32:10.621115+00:00 GitLab Importer Affected by VCID-4ugk-p8g3-wudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35983.yml 38.6.0
2026-06-12T18:32:09.646849+00:00 GitLab Importer Affected by VCID-3kpb-9uen-27he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35991.yml 38.6.0
2026-06-12T18:32:08.762231+00:00 GitLab Importer Affected by VCID-pgc2-gukr-r3dg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36014.yml 38.6.0
2026-06-12T18:32:01.532930+00:00 GitLab Importer Affected by VCID-wbyv-qzpx-ebfk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36011.yml 38.6.0
2026-06-12T18:31:59.810147+00:00 GitLab Importer Affected by VCID-q17s-hqkj-kkht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36000.yml 38.6.0
2026-06-12T18:31:58.070112+00:00 GitLab Importer Affected by VCID-89g9-7u28-s3hw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35997.yml 38.6.0
2026-06-12T18:31:55.224046+00:00 GitLab Importer Affected by VCID-vsep-b318-4ffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-36004.yml 38.6.0
2026-06-12T18:31:52.470014+00:00 GitLab Importer Affected by VCID-5ex3-kg4t-w3d4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-35986.yml 38.6.0
2026-06-12T18:16:31.564563+00:00 GitLab Importer Fixing VCID-7jnw-mvw8-qbcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29213.yml 38.6.0
2026-06-12T18:16:28.190443+00:00 GitLab Importer Fixing VCID-kzzh-afnu-dqef https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29216.yml 38.6.0
2026-06-12T18:16:27.242414+00:00 GitLab Importer Fixing VCID-t5p3-jcbx-hfg7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29211.yml 38.6.0
2026-06-12T18:16:26.432579+00:00 GitLab Importer Fixing VCID-jwbd-47ef-xqa1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29209.yml 38.6.0
2026-06-12T18:16:25.832380+00:00 GitLab Importer Fixing VCID-wxuj-p9gb-hucm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29212.yml 38.6.0
2026-06-12T18:16:24.544662+00:00 GitLab Importer Fixing VCID-v2r1-wbmd-d7a1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29198.yml 38.6.0
2026-06-12T18:16:23.936669+00:00 GitLab Importer Fixing VCID-gdrm-e3tn-z3hk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29192.yml 38.6.0
2026-06-12T18:16:22.430167+00:00 GitLab Importer Fixing VCID-w4fy-epnu-5qhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29195.yml 38.6.0
2026-06-12T18:16:21.832202+00:00 GitLab Importer Fixing VCID-8ygv-ub5q-tug5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29203.yml 38.6.0
2026-06-12T18:16:21.252254+00:00 GitLab Importer Fixing VCID-3cnr-w5u6-fkf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29194.yml 38.6.0
2026-06-12T18:16:20.480670+00:00 GitLab Importer Fixing VCID-8w84-59y3-6qgd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29199.yml 38.6.0
2026-06-12T18:16:19.896113+00:00 GitLab Importer Fixing VCID-26bq-kxgk-zba5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29201.yml 38.6.0
2026-06-12T18:16:19.321331+00:00 GitLab Importer Fixing VCID-xnxz-krts-vufk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29207.yml 38.6.0
2026-06-12T18:16:18.730833+00:00 GitLab Importer Fixing VCID-ryrd-4pn5-4ugh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29205.yml 38.6.0
2026-06-12T18:16:18.118525+00:00 GitLab Importer Fixing VCID-9egf-vt4b-mkfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29202.yml 38.6.0
2026-06-12T18:16:17.521258+00:00 GitLab Importer Fixing VCID-w9te-1qez-xkbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29206.yml 38.6.0
2026-06-12T18:16:16.810864+00:00 GitLab Importer Fixing VCID-bd7h-dc5y-ybhx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29204.yml 38.6.0
2026-06-12T18:16:15.430904+00:00 GitLab Importer Fixing VCID-vg3v-hjcr-uqc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29193.yml 38.6.0
2026-06-12T18:16:14.840679+00:00 GitLab Importer Fixing VCID-93t7-y91d-2fds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29196.yml 38.6.0
2026-06-12T18:16:14.169267+00:00 GitLab Importer Fixing VCID-zhts-sben-buf6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29191.yml 38.6.0
2026-06-12T18:16:13.572743+00:00 GitLab Importer Fixing VCID-vw5d-2grk-fufy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29200.yml 38.6.0
2026-06-12T18:16:12.951275+00:00 GitLab Importer Fixing VCID-f3tp-9q7p-7ycd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29208.yml 38.6.0
2026-06-12T18:16:12.316455+00:00 GitLab Importer Fixing VCID-2gju-dx21-gban https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-29197.yml 38.6.0
2026-06-12T08:27:10.159564+00:00 GithubOSV Importer Fixing VCID-jwbd-47ef-xqa1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f4rr-5m7v-wxcw/GHSA-f4rr-5m7v-wxcw.json 38.6.0
2026-06-12T08:26:17.290185+00:00 GithubOSV Importer Fixing VCID-zhts-sben-buf6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fv25-wrff-wf86/GHSA-fv25-wrff-wf86.json 38.6.0
2026-06-12T08:26:10.991732+00:00 GithubOSV Importer Fixing VCID-kzzh-afnu-dqef https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-75c9-jrh4-79mc/GHSA-75c9-jrh4-79mc.json 38.6.0
2026-06-12T08:26:09.170837+00:00 GithubOSV Importer Fixing VCID-7jnw-mvw8-qbcw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5889-7v45-q28m/GHSA-5889-7v45-q28m.json 38.6.0
2026-06-12T08:25:43.106885+00:00 GithubOSV Importer Fixing VCID-3cnr-w5u6-fkf3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h5g4-ppwx-48q2/GHSA-h5g4-ppwx-48q2.json 38.6.0
2026-06-12T08:25:23.834342+00:00 GithubOSV Importer Fixing VCID-8w84-59y3-6qgd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9rc-rmr5-529j/GHSA-p9rc-rmr5-529j.json 38.6.0
2026-06-12T08:25:10.994717+00:00 GithubOSV Importer Fixing VCID-93t7-y91d-2fds https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5v77-j66x-4c4g/GHSA-5v77-j66x-4c4g.json 38.6.0
2026-06-12T08:24:42.057046+00:00 GithubOSV Importer Fixing VCID-gdrm-e3tn-z3hk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h2wq-prv9-2f56/GHSA-h2wq-prv9-2f56.json 38.6.0
2026-06-12T08:23:53.472512+00:00 GithubOSV Importer Fixing VCID-9egf-vt4b-mkfe https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwpm-f78v-7m5c/GHSA-cwpm-f78v-7m5c.json 38.6.0
2026-06-12T08:22:02.182895+00:00 GithubOSV Importer Fixing VCID-w9te-1qez-xkbc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rc9w-5c64-9vqq/GHSA-rc9w-5c64-9vqq.json 38.6.0
2026-06-12T08:21:52.149618+00:00 GithubOSV Importer Fixing VCID-ryrd-4pn5-4ugh https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-54ch-gjq5-4976/GHSA-54ch-gjq5-4976.json 38.6.0
2026-06-12T08:21:42.895629+00:00 GithubOSV Importer Fixing VCID-wxuj-p9gb-hucm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8wwm-6264-x792/GHSA-8wwm-6264-x792.json 38.6.0
2026-06-12T08:21:21.499954+00:00 GithubOSV Importer Fixing VCID-26bq-kxgk-zba5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pqhm-4wvf-2jg8/GHSA-pqhm-4wvf-2jg8.json 38.6.0
2026-06-12T08:21:04.485066+00:00 GithubOSV Importer Fixing VCID-vw5d-2grk-fufy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2vv3-56qg-g2cf/GHSA-2vv3-56qg-g2cf.json 38.6.0
2026-06-12T08:20:49.995336+00:00 GithubOSV Importer Fixing VCID-t5p3-jcbx-hfg7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xrp2-fhq4-4q3w/GHSA-xrp2-fhq4-4q3w.json 38.6.0
2026-06-12T08:20:45.430421+00:00 GithubOSV Importer Fixing VCID-f3tp-9q7p-7ycd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2r2f-g8mw-9gvr/GHSA-2r2f-g8mw-9gvr.json 38.6.0
2026-06-12T08:20:16.057683+00:00 GithubOSV Importer Fixing VCID-8ygv-ub5q-tug5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jjm6-4vf7-cjh4/GHSA-jjm6-4vf7-cjh4.json 38.6.0
2026-06-12T08:19:46.450453+00:00 GithubOSV Importer Fixing VCID-vg3v-hjcr-uqc9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2p9q-h29j-3f5v/GHSA-2p9q-h29j-3f5v.json 38.6.0
2026-06-12T08:19:32.320063+00:00 GithubOSV Importer Fixing VCID-xnxz-krts-vufk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5wpj-c6f7-24x8/GHSA-5wpj-c6f7-24x8.json 38.6.0
2026-06-12T08:19:30.459804+00:00 GithubOSV Importer Fixing VCID-bd7h-dc5y-ybhx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hx9q-2mx4-m4pg/GHSA-hx9q-2mx4-m4pg.json 38.6.0
2026-06-12T08:19:29.491192+00:00 GithubOSV Importer Fixing VCID-2gju-dx21-gban https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hrg5-737c-2p56/GHSA-hrg5-737c-2p56.json 38.6.0
2026-06-12T08:19:17.298810+00:00 GithubOSV Importer Fixing VCID-8h18-74sq-9uf1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mw6j-hh29-h379/GHSA-mw6j-hh29-h379.json 38.6.0
2026-06-12T08:19:08.009951+00:00 GithubOSV Importer Fixing VCID-w4fy-epnu-5qhr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h48f-q7rw-hvr7/GHSA-h48f-q7rw-hvr7.json 38.6.0
2026-06-12T08:18:34.180342+00:00 GithubOSV Importer Fixing VCID-v2r1-wbmd-d7a1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mg66-qvc5-rm93/GHSA-mg66-qvc5-rm93.json 38.6.0
2026-06-11T20:31:28.224638+00:00 GHSA Importer Fixing VCID-8h18-74sq-9uf1 https://github.com/advisories/GHSA-mw6j-hh29-h379 38.6.0
2026-06-11T20:31:25.600770+00:00 GHSA Importer Fixing VCID-kzzh-afnu-dqef https://github.com/advisories/GHSA-75c9-jrh4-79mc 38.6.0
2026-06-11T20:31:25.376531+00:00 GHSA Importer Fixing VCID-7jnw-mvw8-qbcw https://github.com/advisories/GHSA-5889-7v45-q28m 38.6.0
2026-06-11T20:31:25.039227+00:00 GHSA Importer Fixing VCID-wxuj-p9gb-hucm https://github.com/advisories/GHSA-8wwm-6264-x792 38.6.0
2026-06-11T20:31:24.485129+00:00 GHSA Importer Fixing VCID-t5p3-jcbx-hfg7 https://github.com/advisories/GHSA-xrp2-fhq4-4q3w 38.6.0
2026-06-11T20:31:24.148357+00:00 GHSA Importer Fixing VCID-jwbd-47ef-xqa1 https://github.com/advisories/GHSA-f4rr-5m7v-wxcw 38.6.0
2026-06-11T20:31:23.814065+00:00 GHSA Importer Fixing VCID-f3tp-9q7p-7ycd https://github.com/advisories/GHSA-2r2f-g8mw-9gvr 38.6.0
2026-06-11T20:31:23.509798+00:00 GHSA Importer Fixing VCID-xnxz-krts-vufk https://github.com/advisories/GHSA-5wpj-c6f7-24x8 38.6.0
2026-06-11T20:31:23.003875+00:00 GHSA Importer Fixing VCID-w9te-1qez-xkbc https://github.com/advisories/GHSA-rc9w-5c64-9vqq 38.6.0
2026-06-11T20:31:22.640631+00:00 GHSA Importer Fixing VCID-ryrd-4pn5-4ugh https://github.com/advisories/GHSA-54ch-gjq5-4976 38.6.0
2026-06-11T20:31:22.559237+00:00 GHSA Importer Fixing VCID-bd7h-dc5y-ybhx https://github.com/advisories/GHSA-hx9q-2mx4-m4pg 38.6.0
2026-06-11T20:31:22.162265+00:00 GHSA Importer Fixing VCID-8ygv-ub5q-tug5 https://github.com/advisories/GHSA-jjm6-4vf7-cjh4 38.6.0
2026-06-11T20:31:21.753297+00:00 GHSA Importer Fixing VCID-9egf-vt4b-mkfe https://github.com/advisories/GHSA-cwpm-f78v-7m5c 38.6.0
2026-06-11T20:31:21.227370+00:00 GHSA Importer Fixing VCID-26bq-kxgk-zba5 https://github.com/advisories/GHSA-pqhm-4wvf-2jg8 38.6.0
2026-06-11T20:31:20.893262+00:00 GHSA Importer Fixing VCID-vw5d-2grk-fufy https://github.com/advisories/GHSA-2vv3-56qg-g2cf 38.6.0
2026-06-11T20:31:20.750037+00:00 GHSA Importer Fixing VCID-8w84-59y3-6qgd https://github.com/advisories/GHSA-p9rc-rmr5-529j 38.6.0
2026-06-11T20:31:20.333069+00:00 GHSA Importer Fixing VCID-v2r1-wbmd-d7a1 https://github.com/advisories/GHSA-mg66-qvc5-rm93 38.6.0
2026-06-11T20:31:20.121836+00:00 GHSA Importer Fixing VCID-2gju-dx21-gban https://github.com/advisories/GHSA-hrg5-737c-2p56 38.6.0
2026-06-11T20:31:19.872562+00:00 GHSA Importer Fixing VCID-93t7-y91d-2fds https://github.com/advisories/GHSA-5v77-j66x-4c4g 38.6.0
2026-06-11T20:31:19.506229+00:00 GHSA Importer Fixing VCID-w4fy-epnu-5qhr https://github.com/advisories/GHSA-h48f-q7rw-hvr7 38.6.0
2026-06-11T20:31:19.186035+00:00 GHSA Importer Fixing VCID-3cnr-w5u6-fkf3 https://github.com/advisories/GHSA-h5g4-ppwx-48q2 38.6.0
2026-06-11T20:31:18.833591+00:00 GHSA Importer Fixing VCID-gdrm-e3tn-z3hk https://github.com/advisories/GHSA-h2wq-prv9-2f56 38.6.0
2026-06-11T20:31:18.411957+00:00 GHSA Importer Fixing VCID-zhts-sben-buf6 https://github.com/advisories/GHSA-fv25-wrff-wf86 38.6.0