{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","type":"pypi","namespace":"","name":"tensorflow-cpu","version":"2.8.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.12.1","latest_non_vulnerable_version":"2.12.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44733?format=json","vulnerability_id":"VCID-1jte-hpg7-gydx","summary":"Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25669","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4287","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25669"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25669"},{"reference_url":"https://github.com/advisories/GHSA-rcf8-g8jv-vg6p","reference_id":"GHSA-rcf8-g8jv-vg6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rcf8-g8jv-vg6p"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p","reference_id":"GHSA-rcf8-g8jv-vg6p","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25669","GHSA-rcf8-g8jv-vg6p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44739?format=json","vulnerability_id":"VCID-36ey-jnev-qqf8","summary":"Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25666","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17098","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17056","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17135","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1717","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17174","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25666"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25666","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25666"},{"reference_url":"https://github.com/advisories/GHSA-f637-vh3r-vfh2","reference_id":"GHSA-f637-vh3r-vfh2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f637-vh3r-vfh2"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2","reference_id":"GHSA-f637-vh3r-vfh2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25666","GHSA-f637-vh3r-vfh2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55592?format=json","vulnerability_id":"VCID-37j3-cnw5-4fch","summary":"TensorFlow has segfault in array_ops.upper_bound\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33976","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11156","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11278","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33976"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33976","reference_id":"CVE-2023-33976","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33976"},{"reference_url":"https://github.com/advisories/GHSA-gjh7-xx4r-x345","reference_id":"GHSA-gjh7-xx4r-x345","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjh7-xx4r-x345"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345","reference_id":"GHSA-gjh7-xx4r-x345","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82284?format=json","purl":"pkg:pypi/tensorflow-cpu@2.12.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.12.1"}],"aliases":["CVE-2023-33976","GHSA-gjh7-xx4r-x345"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44751?format=json","vulnerability_id":"VCID-6f4y-m6ca-nyf6","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25663","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42948","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42974","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4301","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43022","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25663"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25663"},{"reference_url":"https://github.com/advisories/GHSA-64jg-wjww-7c5w","reference_id":"GHSA-64jg-wjww-7c5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64jg-wjww-7c5w"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w","reference_id":"GHSA-64jg-wjww-7c5w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25663","GHSA-64jg-wjww-7c5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44736?format=json","vulnerability_id":"VCID-6yy3-r6mh-j3e8","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25665","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31244","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31211","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31243","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31278","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31312","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25665"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25665","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25665"},{"reference_url":"https://github.com/advisories/GHSA-558h-mq8x-7q9g","reference_id":"GHSA-558h-mq8x-7q9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-558h-mq8x-7q9g"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g","reference_id":"GHSA-558h-mq8x-7q9g","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25665","GHSA-558h-mq8x-7q9g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44752?format=json","vulnerability_id":"VCID-8nt4-mp8z-b3et","summary":"Double Free\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25801","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25139","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25112","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25235","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25801","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25801"},{"reference_url":"https://github.com/advisories/GHSA-f49c-87jh-g47q","reference_id":"GHSA-f49c-87jh-g47q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f49c-87jh-g47q"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q","reference_id":"GHSA-f49c-87jh-g47q","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25801","GHSA-f49c-87jh-g47q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=json","vulnerability_id":"VCID-b31k-j7yk-muhz","summary":"Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25668","reference_id":"","reference_type":"","scores":[{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81228","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81251","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81255","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81258","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81256","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25668"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25668","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25668"},{"reference_url":"https://github.com/advisories/GHSA-gw97-ff7c-9v96","reference_id":"GHSA-gw97-ff7c-9v96","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gw97-ff7c-9v96"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96","reference_id":"GHSA-gw97-ff7c-9v96","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25668","GHSA-gw97-ff7c-9v96"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44743?format=json","vulnerability_id":"VCID-c1qd-61t7-2fe3","summary":"Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25667","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43581","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43605","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43639","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43652","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25667","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25667"},{"reference_url":"https://github.com/advisories/GHSA-fqm2-gh8w-gr68","reference_id":"GHSA-fqm2-gh8w-gr68","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqm2-gh8w-gr68"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68","reference_id":"GHSA-fqm2-gh8w-gr68","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25667","GHSA-fqm2-gh8w-gr68"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=json","vulnerability_id":"VCID-cvdm-ubbq-63ew","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25660","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25660"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25660","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25660"},{"reference_url":"https://github.com/advisories/GHSA-qjqc-vqcf-5qvj","reference_id":"GHSA-qjqc-vqcf-5qvj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjqc-vqcf-5qvj"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj","reference_id":"GHSA-qjqc-vqcf-5qvj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25660","GHSA-qjqc-vqcf-5qvj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44746?format=json","vulnerability_id":"VCID-dftm-vs4w-kfag","summary":"Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25664","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25581","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25568","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25626","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25674","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25683","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25664","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25664"},{"reference_url":"https://github.com/advisories/GHSA-6hg6-5c2q-7rcr","reference_id":"GHSA-6hg6-5c2q-7rcr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6hg6-5c2q-7rcr"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr","reference_id":"GHSA-6hg6-5c2q-7rcr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25664","GHSA-6hg6-5c2q-7rcr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44731?format=json","vulnerability_id":"VCID-ev9c-cxzc-p7hb","summary":"Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25662","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35456","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35485","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35524","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35562","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35551","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25662","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25662"},{"reference_url":"https://github.com/advisories/GHSA-7jvm-xxmr-v5cw","reference_id":"GHSA-7jvm-xxmr-v5cw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jvm-xxmr-v5cw"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw","reference_id":"GHSA-7jvm-xxmr-v5cw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25662","GHSA-7jvm-xxmr-v5cw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44741?format=json","vulnerability_id":"VCID-h18h-987d-q7he","summary":"Incorrect Comparison\nTensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27579","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27579"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27579"},{"reference_url":"https://github.com/advisories/GHSA-5w96-866f-6rm8","reference_id":"GHSA-5w96-866f-6rm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5w96-866f-6rm8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8","reference_id":"GHSA-5w96-866f-6rm8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-27579","GHSA-5w96-866f-6rm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44750?format=json","vulnerability_id":"VCID-j7jy-3r33-x7fy","summary":"NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25674","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60404","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60443","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60454","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60451","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25674"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25674","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25674"},{"reference_url":"https://github.com/advisories/GHSA-gf97-q72m-7579","reference_id":"GHSA-gf97-q72m-7579","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf97-q72m-7579"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579","reference_id":"GHSA-gf97-q72m-7579","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25674","GHSA-gf97-q72m-7579"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44755?format=json","vulnerability_id":"VCID-jswv-zqu6-efee","summary":"TensorFlow Denial of Service vulnerability\n### Impact\nA malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack.\nTo minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed in real-world systems. However, if we call the model with a malicious input which has a zero dimension, it gives Check Failed failure and crashes.\n```python\nimport tensorflow as tf\n\nclass MyModel(tf.keras.Model):\n def __init__(self):\n  super().__init__()\n  self.conv = tf.keras.layers.Convolution3DTranspose(2, [3,3,3], padding=\"same\")\n  \n def call(self, input):\n  return self.conv(input)\nmodel = MyModel() # Defines a valid model.\n\nx = tf.random.uniform([1, 32, 32, 32, 3], minval=0, maxval=0, dtype=tf.float32) # This is a valid input.\noutput = model.predict(x)\nprint(output.shape) # (1, 32, 32, 32, 2)\n\nx = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) # This is an invalid input.\noutput = model(x) # crash\n```\nThis Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services.\n\n### Patches\nWe have patched the issue in\n- GitHub commit [948fe6369a5711d4b4568ea9bbf6015c6dfb77e2](https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2)\n - GitHub commit [85db5d07db54b853484bfd358c3894d948c36baf](https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf). \n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n ### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25661","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37103","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3704","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37079","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37111","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37012","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25661"},{"reference_url":"https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25661","reference_id":"CVE-2023-25661","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25661"},{"reference_url":"https://github.com/advisories/GHSA-fxgc-95xx-grvq","reference_id":"GHSA-fxgc-95xx-grvq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxgc-95xx-grvq"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq","reference_id":"GHSA-fxgc-95xx-grvq","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25661","GHSA-fxgc-95xx-grvq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jswv-zqu6-efee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44749?format=json","vulnerability_id":"VCID-mj52-z2qy-4bd8","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25672","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28126","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28063","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28107","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28147","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28197","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25672","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25672"},{"reference_url":"https://github.com/advisories/GHSA-94mm-g2mv-8p7r","reference_id":"GHSA-94mm-g2mv-8p7r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-94mm-g2mv-8p7r"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r","reference_id":"GHSA-94mm-g2mv-8p7r","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25672","GHSA-94mm-g2mv-8p7r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44734?format=json","vulnerability_id":"VCID-mkr8-shuu-1qhk","summary":"Out-of-bounds Write\nTensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25671","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55192","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55155","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55213","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55211","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25671"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25671","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25671"},{"reference_url":"https://github.com/advisories/GHSA-j5w9-hmfh-4cr6","reference_id":"GHSA-j5w9-hmfh-4cr6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5w9-hmfh-4cr6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6","reference_id":"GHSA-j5w9-hmfh-4cr6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25671","GHSA-j5w9-hmfh-4cr6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkr8-shuu-1qhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44748?format=json","vulnerability_id":"VCID-q2hk-yjnj-jbfb","summary":"NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25676","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25676"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25676","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25676"},{"reference_url":"https://github.com/advisories/GHSA-6wfh-89q8-44jq","reference_id":"GHSA-6wfh-89q8-44jq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wfh-89q8-44jq"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq","reference_id":"GHSA-6wfh-89q8-44jq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25676","GHSA-6wfh-89q8-44jq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44737?format=json","vulnerability_id":"VCID-qh3y-aeak-u3hg","summary":"Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25659","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.4248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42537","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42564","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42554","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25659"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25659","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25659"},{"reference_url":"https://github.com/advisories/GHSA-93vr-9q9m-pj8p","reference_id":"GHSA-93vr-9q9m-pj8p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93vr-9q9m-pj8p"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p","reference_id":"GHSA-93vr-9q9m-pj8p","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25659","GHSA-93vr-9q9m-pj8p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44732?format=json","vulnerability_id":"VCID-upnq-6wx8-gug8","summary":"Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25673","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51571","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51583","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51631","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25673"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25673","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25673"},{"reference_url":"https://github.com/advisories/GHSA-647v-r7qq-24fh","reference_id":"GHSA-647v-r7qq-24fh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-647v-r7qq-24fh"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh","reference_id":"GHSA-647v-r7qq-24fh","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25673","GHSA-647v-r7qq-24fh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44742?format=json","vulnerability_id":"VCID-v68f-q5vf-wkf5","summary":"Incorrect Comparison\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25675","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4287","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25675"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25675","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25675"},{"reference_url":"https://github.com/advisories/GHSA-7x4v-9gxg-9hwj","reference_id":"GHSA-7x4v-9gxg-9hwj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7x4v-9gxg-9hwj"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj","reference_id":"GHSA-7x4v-9gxg-9hwj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25675","GHSA-7x4v-9gxg-9hwj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44738?format=json","vulnerability_id":"VCID-w5vq-nwu5-pken","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25670","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25670"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25670","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25670"},{"reference_url":"https://github.com/advisories/GHSA-49rq-hwc3-x77w","reference_id":"GHSA-49rq-hwc3-x77w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49rq-hwc3-x77w"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w","reference_id":"GHSA-49rq-hwc3-x77w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25670","GHSA-49rq-hwc3-x77w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44735?format=json","vulnerability_id":"VCID-xej2-7wvk-xuec","summary":"Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25658","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16963","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1692","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17002","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17037","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17042","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25658","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25658"},{"reference_url":"https://github.com/advisories/GHSA-68v3-g9cm-rmm6","reference_id":"GHSA-68v3-g9cm-rmm6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68v3-g9cm-rmm6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6","reference_id":"GHSA-68v3-g9cm-rmm6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64391?format=json","purl":"pkg:pypi/tensorflow-cpu@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.11.1"}],"aliases":["CVE-2023-25658","GHSA-68v3-g9cm-rmm6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102255?format=json","vulnerability_id":"VCID-yrtd-47vc-muff","summary":"TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41887","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3399","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34107","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34091","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36511","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36474","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41887"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41887","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41887"},{"reference_url":"https://github.com/advisories/GHSA-8fvv-46hw-vpg3","reference_id":"GHSA-8fvv-46hw-vpg3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fvv-46hw-vpg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41887","GHSA-8fvv-46hw-vpg3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrtd-47vc-muff"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102271?format=json","vulnerability_id":"VCID-1b48-dfec-4ycn","summary":"TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41907","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35079","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35042","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35137","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35152","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35114","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41907"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41907","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41907"},{"reference_url":"https://github.com/advisories/GHSA-368v-7v32-52fx","reference_id":"GHSA-368v-7v32-52fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-368v-7v32-52fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41907","GHSA-368v-7v32-52fx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b48-dfec-4ycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102274?format=json","vulnerability_id":"VCID-1xee-v43t-c7c4","summary":"TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41910","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55649","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55599","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41910"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41910","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41910"},{"reference_url":"https://github.com/advisories/GHSA-frqp-wp83-qggv","reference_id":"GHSA-frqp-wp83-qggv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frqp-wp83-qggv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41910","GHSA-frqp-wp83-qggv","GMS-2022-6997","GMS-2022-7005","GMS-2022-7013"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xee-v43t-c7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102254?format=json","vulnerability_id":"VCID-42t9-hpd3-hufy","summary":"TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41886","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35236","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35313","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35277","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41886"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41886","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41886"},{"reference_url":"https://github.com/advisories/GHSA-54pp-c6pp-7fpx","reference_id":"GHSA-54pp-c6pp-7fpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54pp-c6pp-7fpx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41886","GHSA-54pp-c6pp-7fpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42t9-hpd3-hufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102267?format=json","vulnerability_id":"VCID-6aey-qzrr-9qdk","summary":"TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41899","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41899"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41899","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41899"},{"reference_url":"https://github.com/advisories/GHSA-27rc-728f-x5w2","reference_id":"GHSA-27rc-728f-x5w2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27rc-728f-x5w2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41899","GHSA-27rc-728f-x5w2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aey-qzrr-9qdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102270?format=json","vulnerability_id":"VCID-71dj-4wgv-dkfa","summary":"TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41902","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53077","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53052","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53113","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53121","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53102","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41902"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41902","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41902"},{"reference_url":"https://github.com/advisories/GHSA-cg88-rpvp-cjv5","reference_id":"GHSA-cg88-rpvp-cjv5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg88-rpvp-cjv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41902","GHSA-cg88-rpvp-cjv5","GMS-2022-6995","GMS-2022-7003","GMS-2022-7011"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71dj-4wgv-dkfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102260?format=json","vulnerability_id":"VCID-a2bj-bk9e-7fdw","summary":"TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41891","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41891"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41891","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41891"},{"reference_url":"https://github.com/advisories/GHSA-66vq-54fq-6jvv","reference_id":"GHSA-66vq-54fq-6jvv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66vq-54fq-6jvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41891","GHSA-66vq-54fq-6jvv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bj-bk9e-7fdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102265?format=json","vulnerability_id":"VCID-bmq7-ywhj-w3ap","summary":"TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41897","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35236","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35313","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35277","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41897"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41897","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41897"},{"reference_url":"https://github.com/advisories/GHSA-f2w8-jw48-fr7j","reference_id":"GHSA-f2w8-jw48-fr7j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2w8-jw48-fr7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41897","GHSA-f2w8-jw48-fr7j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmq7-ywhj-w3ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102257?format=json","vulnerability_id":"VCID-dvpe-15m7-puh4","summary":"TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41889","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31003","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31038","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31103","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3107","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31036","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41889"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41889","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41889"},{"reference_url":"https://github.com/advisories/GHSA-xxcj-rhqg-m46g","reference_id":"GHSA-xxcj-rhqg-m46g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxcj-rhqg-m46g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41889","GHSA-xxcj-rhqg-m46g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvpe-15m7-puh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110201?format=json","vulnerability_id":"VCID-e8a2-ny5z-73au","summary":"`CHECK` failure in `SobolSample` via missing validation\n### Impact\nAnother instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf) and [02400ea266bd811fc016a848445de1bbff3a23a0](https://github.com/tensorflow/tensorflow/commit/02400ea266bd811fc016a848445de1bbff3a23a0)\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick both commits on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow 2.7.4 will have the first commit cherrypicked.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology\n- Pattarakrit Rattankul","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc"},{"reference_url":"https://github.com/advisories/GHSA-cqvq-fvhr-v6hc","reference_id":"GHSA-cqvq-fvhr-v6hc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cqvq-fvhr-v6hc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["GHSA-cqvq-fvhr-v6hc","GMS-2022-6996","GMS-2022-7004","GMS-2022-7012"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8a2-ny5z-73au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102269?format=json","vulnerability_id":"VCID-ekmw-8ekq-1bfq","summary":"TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41901","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52276","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52247","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57725","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57785","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57777","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41901"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41901","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41901"},{"reference_url":"https://github.com/advisories/GHSA-g9fm-r5mm-rf9f","reference_id":"GHSA-g9fm-r5mm-rf9f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9fm-r5mm-rf9f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41901","GHSA-g9fm-r5mm-rf9f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekmw-8ekq-1bfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102261?format=json","vulnerability_id":"VCID-eseh-ekjx-yffk","summary":"TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41893","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41225","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41282","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41286","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41255","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41893"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41893","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41893"},{"reference_url":"https://github.com/advisories/GHSA-67pf-62xr-q35m","reference_id":"GHSA-67pf-62xr-q35m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67pf-62xr-q35m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41893","GHSA-67pf-62xr-q35m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eseh-ekjx-yffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102251?format=json","vulnerability_id":"VCID-ghqz-dfeq-rygz","summary":"TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41884","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32381","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32421","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35169","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35134","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41884"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41884","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41884"},{"reference_url":"https://github.com/advisories/GHSA-jq6x-99hj-q636","reference_id":"GHSA-jq6x-99hj-q636","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jq6x-99hj-q636"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41884","GHSA-jq6x-99hj-q636"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghqz-dfeq-rygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102272?format=json","vulnerability_id":"VCID-hm4p-s6xd-8uf5","summary":"TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41908","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49113","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49084","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54738","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54806","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41908"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41908","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41908"},{"reference_url":"https://github.com/advisories/GHSA-mv77-9g28-cwg3","reference_id":"GHSA-mv77-9g28-cwg3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mv77-9g28-cwg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41908","GHSA-mv77-9g28-cwg3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4p-s6xd-8uf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110102?format=json","vulnerability_id":"VCID-kzhb-zzzm-ebe1","summary":"`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode\n### Impact\nAnother instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf9932fc907aff0e9e8cccf769e8b00d30fd81a1](https://github.com/tensorflow/tensorflow/commit/bf9932fc907aff0e9e8cccf769e8b00d30fd81a1).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m"},{"reference_url":"https://github.com/advisories/GHSA-xf83-q765-xm6m","reference_id":"GHSA-xf83-q765-xm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xf83-q765-xm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["GHSA-xf83-q765-xm6m","GMS-2022-7001","GMS-2022-7009","GMS-2022-7017"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzhb-zzzm-ebe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102273?format=json","vulnerability_id":"VCID-nn1z-3z62-5fby","summary":"TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41909","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60688","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65613","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65677","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65666","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41909"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41909","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41909"},{"reference_url":"https://github.com/advisories/GHSA-rjx6-v474-2ch9","reference_id":"GHSA-rjx6-v474-2ch9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjx6-v474-2ch9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41909","GHSA-rjx6-v474-2ch9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nn1z-3z62-5fby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102275?format=json","vulnerability_id":"VCID-rdtn-n88f-pqas","summary":"TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41911","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36456","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36521","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36529","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36492","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41911"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41911","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41911"},{"reference_url":"https://github.com/advisories/GHSA-pf36-r9c6-h97j","reference_id":"GHSA-pf36-r9c6-h97j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf36-r9c6-h97j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41911","GHSA-pf36-r9c6-h97j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtn-n88f-pqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102256?format=json","vulnerability_id":"VCID-rh99-4vre-gfde","summary":"TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41888","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41399","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41368","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47464","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47528","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47531","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41888"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41888","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41888"},{"reference_url":"https://github.com/advisories/GHSA-6x99-gv2v-q76v","reference_id":"GHSA-6x99-gv2v-q76v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6x99-gv2v-q76v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41888","GHSA-6x99-gv2v-q76v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh99-4vre-gfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102268?format=json","vulnerability_id":"VCID-scvf-p5ff-c3df","summary":"TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41900","reference_id":"","reference_type":"","scores":[{"value":"0.01207","scoring_system":"epss","scoring_elements":"0.79305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01207","scoring_system":"epss","scoring_elements":"0.79315","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01243","scoring_system":"epss","scoring_elements":"0.79613","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01243","scoring_system":"epss","scoring_elements":"0.79644","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01243","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41900"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41900","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41900"},{"reference_url":"https://github.com/advisories/GHSA-xvwp-h6jv-7472","reference_id":"GHSA-xvwp-h6jv-7472","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvwp-h6jv-7472"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41900","GHSA-xvwp-h6jv-7472"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scvf-p5ff-c3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102259?format=json","vulnerability_id":"VCID-tuqw-n8ka-jfht","summary":"TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41890","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34342","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34307","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34404","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34384","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41890"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41890","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41890"},{"reference_url":"https://github.com/advisories/GHSA-h246-cgh4-7475","reference_id":"GHSA-h246-cgh4-7475","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h246-cgh4-7475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41890","GHSA-h246-cgh4-7475"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqw-n8ka-jfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102263?format=json","vulnerability_id":"VCID-vxm3-72uk-zbb8","summary":"TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41895","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35277","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35313","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35236","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35196","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41895"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41895","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41895"},{"reference_url":"https://github.com/advisories/GHSA-gq2j-cr96-gvqx","reference_id":"GHSA-gq2j-cr96-gvqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gq2j-cr96-gvqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41895","GHSA-gq2j-cr96-gvqx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxm3-72uk-zbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102249?format=json","vulnerability_id":"VCID-wdks-wa1n-ckhx","summary":"TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41880","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36583","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36685","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36677","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39249","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39276","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41880"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41880","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41880"},{"reference_url":"https://github.com/advisories/GHSA-8w5g-3wcv-9g2j","reference_id":"GHSA-8w5g-3wcv-9g2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w5g-3wcv-9g2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41880","GHSA-8w5g-3wcv-9g2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdks-wa1n-ckhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102266?format=json","vulnerability_id":"VCID-yy9b-ymk2-5kea","summary":"TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41898","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41898"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41898","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41898"},{"reference_url":"https://github.com/advisories/GHSA-hq7g-wwwp-q46h","reference_id":"GHSA-hq7g-wwwp-q46h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq7g-wwwp-q46h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41898","GHSA-hq7g-wwwp-q46h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9b-ymk2-5kea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102264?format=json","vulnerability_id":"VCID-zc2s-1rty-hyd9","summary":"TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41896","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41896"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41896","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41896"},{"reference_url":"https://github.com/advisories/GHSA-rmg2-f698-wq35","reference_id":"GHSA-rmg2-f698-wq35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmg2-f698-wq35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148482?format=json","purl":"pkg:pypi/tensorflow-cpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148484?format=json","purl":"pkg:pypi/tensorflow-cpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148486?format=json","purl":"pkg:pypi/tensorflow-cpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-jswv-zqu6-efee"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mkr8-shuu-1qhk"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.10.1"}],"aliases":["CVE-2022-41896","GHSA-rmg2-f698-wq35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2s-1rty-hyd9"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.8.4"}