{"url":"http://public2.vulnerablecode.io/api/packages/23648?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.0","type":"pypi","namespace":"","name":"tensorflow-cpu","version":"2.6.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.1","latest_non_vulnerable_version":"2.12.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8273?format=json","vulnerability_id":"VCID-11qd-d7c7-sbdm","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21731","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53888","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21731"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21731","reference_id":"CVE-2022-21731","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21731"},{"reference_url":"https://github.com/advisories/GHSA-m4hf-j54p-p353","reference_id":"GHSA-m4hf-j54p-p353","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4hf-j54p-p353"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21731","CVE-2022-21731","GHSA-m4hf-j54p-p353","PYSEC-2022-110","PYSEC-2022-55"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11qd-d7c7-sbdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8272?format=json","vulnerability_id":"VCID-145d-k5w3-tfgz","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23567","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63951","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23567"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23567","reference_id":"CVE-2022-23567","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23567"},{"reference_url":"https://github.com/advisories/GHSA-rrx2-r989-2c43","reference_id":"GHSA-rrx2-r989-2c43","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrx2-r989-2c43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23567","CVE-2022-23567","GHSA-rrx2-r989-2c43","PYSEC-2022-131","PYSEC-2022-76"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-145d-k5w3-tfgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8308?format=json","vulnerability_id":"VCID-15nt-6tff-k7gb","summary":"Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23587","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53055","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23587"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-96.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-96.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-151.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-151.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23587","reference_id":"CVE-2022-23587","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23587"},{"reference_url":"https://github.com/advisories/GHSA-8jj7-5vxc-pg2q","reference_id":"GHSA-8jj7-5vxc-pg2q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jj7-5vxc-pg2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23587","CVE-2022-23587","GHSA-8jj7-5vxc-pg2q","PYSEC-2022-151","PYSEC-2022-96"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15nt-6tff-k7gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8267?format=json","vulnerability_id":"VCID-1ah5-hm7a-ykep","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21730","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54937","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21730"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc#L209-L360"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:34Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21730","reference_id":"CVE-2022-21730","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21730"},{"reference_url":"https://github.com/advisories/GHSA-vjg4-v33c-ggc4","reference_id":"GHSA-vjg4-v33c-ggc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjg4-v33c-ggc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21730","CVE-2022-21730","GHSA-vjg4-v33c-ggc4","PYSEC-2022-109","PYSEC-2022-54"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ah5-hm7a-ykep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3227?format=json","vulnerability_id":"VCID-1sr1-happ-6ugc","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41221","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.06058","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41221"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-630.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-630.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-828.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-828.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-413.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-413.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41221","reference_id":"CVE-2021-41221","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41221"},{"reference_url":"https://github.com/advisories/GHSA-cqv6-3phm-hcwx","reference_id":"GHSA-cqv6-3phm-hcwx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cqv6-3phm-hcwx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41221","CVE-2021-41221","GHSA-cqv6-3phm-hcwx","PYSEC-2021-413","PYSEC-2021-630","PYSEC-2021-828"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sr1-happ-6ugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3231?format=json","vulnerability_id":"VCID-2cw7-2xzs-abfz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41217","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41217"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-626.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-626.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-824.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-824.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-409.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-409.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41217","reference_id":"CVE-2021-41217","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41217"},{"reference_url":"https://github.com/advisories/GHSA-5crj-c72x-m7gq","reference_id":"GHSA-5crj-c72x-m7gq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5crj-c72x-m7gq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41217","CVE-2021-41217","GHSA-5crj-c72x-m7gq","PYSEC-2021-409","PYSEC-2021-626","PYSEC-2021-824"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2cw7-2xzs-abfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3250?format=json","vulnerability_id":"VCID-2hqc-3d51-4yf5","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41198","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15708","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41198"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-608.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-608.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-806.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-806.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-391.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-391.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/9294094df6fea79271778eb7e7ae1bad8b5ef98f","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/9294094df6fea79271778eb7e7ae1bad8b5ef98f"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46911"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41198","reference_id":"CVE-2021-41198","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41198"},{"reference_url":"https://github.com/advisories/GHSA-2p25-55c9-h58q","reference_id":"GHSA-2p25-55c9-h58q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2p25-55c9-h58q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41198","CVE-2021-41198","GHSA-2p25-55c9-h58q","PYSEC-2021-391","PYSEC-2021-608","PYSEC-2021-806"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hqc-3d51-4yf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8285?format=json","vulnerability_id":"VCID-39ck-bm9t-kqhs","summary":"Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23557","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23557"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-66.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-66.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-121.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-121.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/internal/common.h#L75"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8c6f391a2282684a25cbfec7687bd5d35261a209"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:48Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23557","reference_id":"CVE-2022-23557","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23557"},{"reference_url":"https://github.com/advisories/GHSA-gf2j-f278-xh4v","reference_id":"GHSA-gf2j-f278-xh4v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf2j-f278-xh4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23557","CVE-2022-23557","GHSA-gf2j-f278-xh4v","PYSEC-2022-121","PYSEC-2022-66"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39ck-bm9t-kqhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8292?format=json","vulnerability_id":"VCID-3czq-3twf-skcg","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23573","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53033","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23573"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-82.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-82.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-137.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-137.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/assign_op.h#L30-L143","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/assign_op.h#L30-L143"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ef1d027be116f25e25bb94a60da491c2cf55bd0b","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ef1d027be116f25e25bb94a60da491c2cf55bd0b"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23573","reference_id":"CVE-2022-23573","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23573"},{"reference_url":"https://github.com/advisories/GHSA-q85f-69q7-55h2","reference_id":"GHSA-q85f-69q7-55h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q85f-69q7-55h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23573","CVE-2022-23573","GHSA-q85f-69q7-55h2","PYSEC-2022-137","PYSEC-2022-82"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3czq-3twf-skcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8312?format=json","vulnerability_id":"VCID-3g5a-5csn-h3d9","summary":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23588","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53888","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23588"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-97.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-97.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-152.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-152.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/tensor.cc#L733-L781"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1328-L1402"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6b5adc0877de832b2a7c189532dbbbc64622eeb6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fx5c-h9f6-rv7c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23588","reference_id":"CVE-2022-23588","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23588"},{"reference_url":"https://github.com/advisories/GHSA-fx5c-h9f6-rv7c","reference_id":"GHSA-fx5c-h9f6-rv7c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx5c-h9f6-rv7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23588","CVE-2022-23588","GHSA-fx5c-h9f6-rv7c","PYSEC-2022-152","PYSEC-2022-97"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3g5a-5csn-h3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8311?format=json","vulnerability_id":"VCID-466y-e26r-rka4","summary":"Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23595","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44697","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23595"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23595","reference_id":"CVE-2022-23595","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23595"},{"reference_url":"https://github.com/advisories/GHSA-fpcp-9h7m-ffpx","reference_id":"GHSA-fpcp-9h7m-ffpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpcp-9h7m-ffpx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23595","CVE-2022-23595","GHSA-fpcp-9h7m-ffpx","PYSEC-2022-103","PYSEC-2022-158"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-466y-e26r-rka4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3239?format=json","vulnerability_id":"VCID-5d73-819a-xbeg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41209","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-618.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-618.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-816.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-816.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-401.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-401.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41209","reference_id":"CVE-2021-41209","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41209"},{"reference_url":"https://github.com/advisories/GHSA-6hpv-v2rx-c5g6","reference_id":"GHSA-6hpv-v2rx-c5g6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6hpv-v2rx-c5g6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41209","CVE-2021-41209","GHSA-6hpv-v2rx-c5g6","PYSEC-2021-401","PYSEC-2021-618","PYSEC-2021-816"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5d73-819a-xbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8318?format=json","vulnerability_id":"VCID-5tpp-sf62-zycs","summary":"Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23563","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02926","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23563"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-72.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-72.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23563","reference_id":"CVE-2022-23563","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23563"},{"reference_url":"https://github.com/advisories/GHSA-wc4g-r73w-x8mm","reference_id":"GHSA-wc4g-r73w-x8mm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wc4g-r73w-x8mm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23563","CVE-2022-23563","GHSA-wc4g-r73w-x8mm","PYSEC-2022-127","PYSEC-2022-72"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tpp-sf62-zycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3234?format=json","vulnerability_id":"VCID-5ty2-z944-mbht","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41214","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05281","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41214"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-623.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-623.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-821.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-821.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-406.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-406.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41214","reference_id":"CVE-2021-41214","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41214"},{"reference_url":"https://github.com/advisories/GHSA-vwhq-49r4-gj9v","reference_id":"GHSA-vwhq-49r4-gj9v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vwhq-49r4-gj9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41214","CVE-2021-41214","GHSA-vwhq-49r4-gj9v","PYSEC-2021-406","PYSEC-2021-623","PYSEC-2021-821"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ty2-z944-mbht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3222?format=json","vulnerability_id":"VCID-5xgg-h9wh-3uh7","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41226","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05281","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41226"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-635.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-635.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-833.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-833.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-418.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-418.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41226","reference_id":"CVE-2021-41226","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41226"},{"reference_url":"https://github.com/advisories/GHSA-374m-jm66-3vj8","reference_id":"GHSA-374m-jm66-3vj8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-374m-jm66-3vj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41226","CVE-2021-41226","GHSA-374m-jm66-3vj8","PYSEC-2021-418","PYSEC-2021-635","PYSEC-2021-833"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xgg-h9wh-3uh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8281?format=json","vulnerability_id":"VCID-6888-uhtp-8ub6","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21737","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21737"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-61.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-61.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-116.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-116.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/bincount_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/7019ce4f68925fd01cdafde26f8d8c938f47e6f9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/7019ce4f68925fd01cdafde26f8d8c938f47e6f9"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21737","reference_id":"CVE-2022-21737","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21737"},{"reference_url":"https://github.com/advisories/GHSA-f2vv-v9cg-qhh7","reference_id":"GHSA-f2vv-v9cg-qhh7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2vv-v9cg-qhh7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21737","CVE-2022-21737","GHSA-f2vv-v9cg-qhh7","PYSEC-2022-116","PYSEC-2022-61"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6888-uhtp-8ub6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3225?format=json","vulnerability_id":"VCID-688g-g33x-67g9","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41223","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41223"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-632.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-632.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-830.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-830.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-415.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-415.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41223","reference_id":"CVE-2021-41223","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41223"},{"reference_url":"https://github.com/advisories/GHSA-f54p-f6jp-4rhr","reference_id":"GHSA-f54p-f6jp-4rhr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f54p-f6jp-4rhr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41223","CVE-2021-41223","GHSA-f54p-f6jp-4rhr","PYSEC-2021-415","PYSEC-2021-632","PYSEC-2021-830"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-688g-g33x-67g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8275?format=json","vulnerability_id":"VCID-6gnj-az99-h7b4","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21735","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21735"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-59.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-59.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-114.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-114.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_max_pool_op.cc#L36-L192"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:14Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21735","reference_id":"CVE-2022-21735","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21735"},{"reference_url":"https://github.com/advisories/GHSA-87v6-crgm-2gfj","reference_id":"GHSA-87v6-crgm-2gfj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87v6-crgm-2gfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21735","CVE-2022-21735","GHSA-87v6-crgm-2gfj","PYSEC-2022-114","PYSEC-2022-59"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gnj-az99-h7b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8276?format=json","vulnerability_id":"VCID-83pe-ztey-dbf4","summary":"Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23569","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23569"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:46:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:46:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23569","reference_id":"CVE-2022-23569","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23569"},{"reference_url":"https://github.com/advisories/GHSA-qj5r-f9mv-rffh","reference_id":"GHSA-qj5r-f9mv-rffh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qj5r-f9mv-rffh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23569","CVE-2022-23569","GHSA-qj5r-f9mv-rffh","PYSEC-2022-133","PYSEC-2022-78"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83pe-ztey-dbf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8269?format=json","vulnerability_id":"VCID-97cs-4kx3-37gm","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21733","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46146","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21733"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-57.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-57.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-112.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-112.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/string_ngrams_op.cc#L29-L161"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:28Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21733","reference_id":"CVE-2022-21733","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21733"},{"reference_url":"https://github.com/advisories/GHSA-98j8-c9q4-r38g","reference_id":"GHSA-98j8-c9q4-r38g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98j8-c9q4-r38g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21733","CVE-2022-21733","GHSA-98j8-c9q4-r38g","PYSEC-2022-112","PYSEC-2022-57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97cs-4kx3-37gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8277?format=json","vulnerability_id":"VCID-9arh-a8wj-wka6","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21734","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21734"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21734","reference_id":"CVE-2022-21734","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21734"},{"reference_url":"https://github.com/advisories/GHSA-gcvh-66ff-4mwm","reference_id":"GHSA-gcvh-66ff-4mwm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcvh-66ff-4mwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21734","CVE-2022-21734","GHSA-gcvh-66ff-4mwm","PYSEC-2022-113","PYSEC-2022-58"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9arh-a8wj-wka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3229?format=json","vulnerability_id":"VCID-9dhc-1f13-5qht","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41219","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05669","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41219"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-628.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-628.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-826.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-826.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-411.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-411.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41219","reference_id":"CVE-2021-41219","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41219"},{"reference_url":"https://github.com/advisories/GHSA-4f99-p9c2-3j8x","reference_id":"GHSA-4f99-p9c2-3j8x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4f99-p9c2-3j8x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41219","CVE-2021-41219","GHSA-4f99-p9c2-3j8x","PYSEC-2021-411","PYSEC-2021-628","PYSEC-2021-826"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dhc-1f13-5qht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3241?format=json","vulnerability_id":"VCID-9gde-ga9q-pqb4","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41207","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41207"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-616.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-616.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-814.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-814.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-399.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-399.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/inplace_ops.cc#L72-L97","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/inplace_ops.cc#L72-L97"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/9de11bdc2cf1284b2f635419bd3e6bbc7643eb2c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/9de11bdc2cf1284b2f635419bd3e6bbc7643eb2c"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d11f21bbdfa54f3576ae860fc927bf23c675ebc0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/d11f21bbdfa54f3576ae860fc927bf23c675ebc0"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e67caccea81167402c62977b5c521f2a8b261d6a","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e67caccea81167402c62977b5c521f2a8b261d6a"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41207","reference_id":"CVE-2021-41207","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41207"},{"reference_url":"https://github.com/advisories/GHSA-7v94-64hj-m82h","reference_id":"GHSA-7v94-64hj-m82h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7v94-64hj-m82h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41207","CVE-2021-41207","GHSA-7v94-64hj-m82h","PYSEC-2021-399","PYSEC-2021-616","PYSEC-2021-814"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gde-ga9q-pqb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3244?format=json","vulnerability_id":"VCID-9snf-qxka-83hd","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41204","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41204"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-614.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-614.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-812.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-812.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-397.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-397.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41204","reference_id":"CVE-2021-41204","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41204"},{"reference_url":"https://github.com/advisories/GHSA-786j-5qwq-r36x","reference_id":"GHSA-786j-5qwq-r36x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-786j-5qwq-r36x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41204","CVE-2021-41204","GHSA-786j-5qwq-r36x","PYSEC-2021-397","PYSEC-2021-614","PYSEC-2021-812"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9snf-qxka-83hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3249?format=json","vulnerability_id":"VCID-aad5-dg9x-53cz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41199","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15708","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41199"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-609.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-609.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-807.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-807.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-392.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-392.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46914","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46914"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41199","reference_id":"CVE-2021-41199","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41199"},{"reference_url":"https://github.com/advisories/GHSA-5hx2-qx8j-qjqm","reference_id":"GHSA-5hx2-qx8j-qjqm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5hx2-qx8j-qjqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41199","CVE-2021-41199","GHSA-5hx2-qx8j-qjqm","PYSEC-2021-392","PYSEC-2021-609","PYSEC-2021-807"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aad5-dg9x-53cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8283?format=json","vulnerability_id":"VCID-akmu-fas1-33h6","summary":"Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21741","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46146","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21741"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc#L96"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21741","reference_id":"CVE-2022-21741","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21741"},{"reference_url":"https://github.com/advisories/GHSA-428x-9xc2-m8mj","reference_id":"GHSA-428x-9xc2-m8mj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-428x-9xc2-m8mj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21741","CVE-2022-21741","GHSA-428x-9xc2-m8mj","PYSEC-2022-120","PYSEC-2022-65"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akmu-fas1-33h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8316?format=json","vulnerability_id":"VCID-axj7-aq9m-rqdu","summary":"Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23571","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23571"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-80.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-80.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-135.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-135.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:18Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:18Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23571","reference_id":"CVE-2022-23571","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23571"},{"reference_url":"https://github.com/advisories/GHSA-j3mj-fhpq-qqjj","reference_id":"GHSA-j3mj-fhpq-qqjj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3mj-fhpq-qqjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23571","CVE-2022-23571","GHSA-j3mj-fhpq-qqjj","PYSEC-2022-135","PYSEC-2022-80"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axj7-aq9m-rqdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3220?format=json","vulnerability_id":"VCID-b8sr-erwh-5yh8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41228","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12379","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41228"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-637.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-637.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-835.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-835.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-420.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-420.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41228","reference_id":"CVE-2021-41228","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41228"},{"reference_url":"https://github.com/advisories/GHSA-3rcw-9p9x-582v","reference_id":"GHSA-3rcw-9p9x-582v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3rcw-9p9x-582v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41228","CVE-2021-41228","GHSA-3rcw-9p9x-582v","PYSEC-2021-420","PYSEC-2021-637","PYSEC-2021-835"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8sr-erwh-5yh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3221?format=json","vulnerability_id":"VCID-bm3u-2ych-eqac","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41227","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.241","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41227"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-636.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-636.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-834.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-834.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-419.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-419.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41227","reference_id":"CVE-2021-41227","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41227"},{"reference_url":"https://github.com/advisories/GHSA-j8c8-67vp-6mx7","reference_id":"GHSA-j8c8-67vp-6mx7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j8c8-67vp-6mx7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41227","CVE-2021-41227","GHSA-j8c8-67vp-6mx7","PYSEC-2021-419","PYSEC-2021-636","PYSEC-2021-834"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bm3u-2ych-eqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8289?format=json","vulnerability_id":"VCID-ccv1-pgda-r7ba","summary":"Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23566","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60401","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23566"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:54Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23566","reference_id":"CVE-2022-23566","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23566"},{"reference_url":"https://github.com/advisories/GHSA-5qw5-89mw-wcg2","reference_id":"GHSA-5qw5-89mw-wcg2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5qw5-89mw-wcg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23566","CVE-2022-23566","GHSA-5qw5-89mw-wcg2","PYSEC-2022-130","PYSEC-2022-75"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccv1-pgda-r7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3248?format=json","vulnerability_id":"VCID-cu5c-pmqv-xkdz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41200","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15532","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41200"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-610.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-610.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-808.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-808.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-393.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-393.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46909","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46909"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41200","reference_id":"CVE-2021-41200","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41200"},{"reference_url":"https://github.com/advisories/GHSA-gh8h-7j2j-qv4f","reference_id":"GHSA-gh8h-7j2j-qv4f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gh8h-7j2j-qv4f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41200","CVE-2021-41200","GHSA-gh8h-7j2j-qv4f","PYSEC-2021-393","PYSEC-2021-610","PYSEC-2021-808"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cu5c-pmqv-xkdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8307?format=json","vulnerability_id":"VCID-cwvm-wntu-tfck","summary":"Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23579","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46146","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23579"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-88.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-88.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-143.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-143.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23579","reference_id":"CVE-2022-23579","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23579"},{"reference_url":"https://github.com/advisories/GHSA-5f2r-qp73-37mr","reference_id":"GHSA-5f2r-qp73-37mr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f2r-qp73-37mr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23579","CVE-2022-23579","GHSA-5f2r-qp73-37mr","PYSEC-2022-143","PYSEC-2022-88"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwvm-wntu-tfck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8266?format=json","vulnerability_id":"VCID-d3dc-su6w-s3ag","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21726","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21726"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-50.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-50.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-105.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:31Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21726","reference_id":"CVE-2022-21726","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21726"},{"reference_url":"https://github.com/advisories/GHSA-23hm-7w47-xw72","reference_id":"GHSA-23hm-7w47-xw72","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23hm-7w47-xw72"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21726","CVE-2022-21726","GHSA-23hm-7w47-xw72","PYSEC-2022-105","PYSEC-2022-50"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3dc-su6w-s3ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3237?format=json","vulnerability_id":"VCID-dj7v-yppg-ckdp","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41211","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05669","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41211"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-620.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-620.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-818.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-818.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-403.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-403.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41211","reference_id":"CVE-2021-41211","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41211"},{"reference_url":"https://github.com/advisories/GHSA-cvgx-3v3q-m36c","reference_id":"GHSA-cvgx-3v3q-m36c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cvgx-3v3q-m36c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41211","CVE-2021-41211","GHSA-cvgx-3v3q-m36c","PYSEC-2021-403","PYSEC-2021-620","PYSEC-2021-818"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7v-yppg-ckdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8302?format=json","vulnerability_id":"VCID-egc6-6pwr-fyej","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23577","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44697","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23577"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-86.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-86.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-141.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-141.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23577","reference_id":"CVE-2022-23577","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23577"},{"reference_url":"https://github.com/advisories/GHSA-8cxv-76p7-jxwr","reference_id":"GHSA-8cxv-76p7-jxwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8cxv-76p7-jxwr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23577","CVE-2022-23577","GHSA-8cxv-76p7-jxwr","PYSEC-2022-141","PYSEC-2022-86"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egc6-6pwr-fyej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8294?format=json","vulnerability_id":"VCID-en5f-xtha-cyhp","summary":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23586","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53888","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23586"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-95.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-95.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-150.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-150.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23586","reference_id":"CVE-2022-23586","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23586"},{"reference_url":"https://github.com/advisories/GHSA-43jf-985q-588j","reference_id":"GHSA-43jf-985q-588j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43jf-985q-588j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23586","CVE-2022-23586","GHSA-43jf-985q-588j","PYSEC-2022-150","PYSEC-2022-95"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-en5f-xtha-cyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8287?format=json","vulnerability_id":"VCID-ev23-kazv-nkas","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23575","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23575"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23575","reference_id":"CVE-2022-23575","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23575"},{"reference_url":"https://github.com/advisories/GHSA-c94w-c95p-phf8","reference_id":"GHSA-c94w-c95p-phf8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c94w-c95p-phf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23575","CVE-2022-23575","GHSA-c94w-c95p-phf8","PYSEC-2022-139","PYSEC-2022-84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev23-kazv-nkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8265?format=json","vulnerability_id":"VCID-ev84-gxjn-6bf1","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21727","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55077","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21727"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-51.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-51.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-106.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L3001-L3034"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21727","reference_id":"CVE-2022-21727","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21727"},{"reference_url":"https://github.com/advisories/GHSA-c6fh-56w7-fvjw","reference_id":"GHSA-c6fh-56w7-fvjw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c6fh-56w7-fvjw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21727","CVE-2022-21727","GHSA-c6fh-56w7-fvjw","PYSEC-2022-106","PYSEC-2022-51"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev84-gxjn-6bf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3243?format=json","vulnerability_id":"VCID-exm3-hpp6-g7hg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41205","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41205"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-615.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-615.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-813.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-813.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-398.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-398.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41205","reference_id":"CVE-2021-41205","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41205"},{"reference_url":"https://github.com/advisories/GHSA-49rx-x2rw-pc6f","reference_id":"GHSA-49rx-x2rw-pc6f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49rx-x2rw-pc6f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41205","CVE-2021-41205","GHSA-49rx-x2rw-pc6f","PYSEC-2021-398","PYSEC-2021-615","PYSEC-2021-813"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exm3-hpp6-g7hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8280?format=json","vulnerability_id":"VCID-eyqx-7k24-zfhq","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21738","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21738"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-62.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-117.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6f4d3e8139ec724dbbcb40505891c81dd1052c4a"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:09Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21738","reference_id":"CVE-2022-21738","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21738"},{"reference_url":"https://github.com/advisories/GHSA-x4qx-4fjv-hmw6","reference_id":"GHSA-x4qx-4fjv-hmw6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4qx-4fjv-hmw6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21738","CVE-2022-21738","GHSA-x4qx-4fjv-hmw6","PYSEC-2022-117","PYSEC-2022-62"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyqx-7k24-zfhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8286?format=json","vulnerability_id":"VCID-f25m-udat-n3fd","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23562","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23562"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-71.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-71.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-126.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-126.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f0147751fd5d2ff23251149ebad9af9f03010732"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/52676","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/52676"},{"reference_url":"https://github.com/tensorflow/tensorflow/pull/51733","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/pull/51733"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23562","reference_id":"CVE-2022-23562","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23562"},{"reference_url":"https://github.com/advisories/GHSA-qx3f-p745-w4hr","reference_id":"GHSA-qx3f-p745-w4hr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qx3f-p745-w4hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23562","CVE-2022-23562","GHSA-qx3f-p745-w4hr","PYSEC-2022-126","PYSEC-2022-71"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f25m-udat-n3fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8310?format=json","vulnerability_id":"VCID-f3cx-k63z-7qde","summary":"Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23559","reference_id":"","reference_type":"","scores":[{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67022","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23559"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:41Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23559","reference_id":"CVE-2022-23559","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23559"},{"reference_url":"https://github.com/advisories/GHSA-98p5-x8x4-c9m5","reference_id":"GHSA-98p5-x8x4-c9m5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98p5-x8x4-c9m5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23559","CVE-2022-23559","GHSA-98p5-x8x4-c9m5","PYSEC-2022-123","PYSEC-2022-68"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3cx-k63z-7qde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3228?format=json","vulnerability_id":"VCID-fa9v-1a1j-5ydf","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41220","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06407","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41220"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-629.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-629.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-827.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-827.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-412.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-412.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41220","reference_id":"CVE-2021-41220","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41220"},{"reference_url":"https://github.com/advisories/GHSA-gpfh-jvf9-7wg5","reference_id":"GHSA-gpfh-jvf9-7wg5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gpfh-jvf9-7wg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41220","CVE-2021-41220","GHSA-gpfh-jvf9-7wg5","PYSEC-2021-412","PYSEC-2021-629","PYSEC-2021-827"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fa9v-1a1j-5ydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8296?format=json","vulnerability_id":"VCID-fggx-3rzd-8kf5","summary":"Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23585","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71345","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23585"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-94.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-94.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-149.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-149.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:17Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23585","reference_id":"CVE-2022-23585","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23585"},{"reference_url":"https://github.com/advisories/GHSA-fq6p-6334-8gr4","reference_id":"GHSA-fq6p-6334-8gr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fq6p-6334-8gr4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23585","CVE-2022-23585","GHSA-fq6p-6334-8gr4","PYSEC-2022-149","PYSEC-2022-94"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fggx-3rzd-8kf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3246?format=json","vulnerability_id":"VCID-g144-4yvx-xybr","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41202","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11432","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41202"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-612.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-612.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-810.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-810.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-395.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-395.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46889","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46889"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46912","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46912"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41202","reference_id":"CVE-2021-41202","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41202"},{"reference_url":"https://github.com/advisories/GHSA-xrqm-fpgr-6hhx","reference_id":"GHSA-xrqm-fpgr-6hhx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xrqm-fpgr-6hhx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41202","CVE-2021-41202","GHSA-xrqm-fpgr-6hhx","PYSEC-2021-395","PYSEC-2021-612","PYSEC-2021-810"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g144-4yvx-xybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3224?format=json","vulnerability_id":"VCID-g423-bnfj-kybz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41224","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41224"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-633.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-633.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-831.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-831.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-416.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-416.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41224","reference_id":"CVE-2021-41224","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41224"},{"reference_url":"https://github.com/advisories/GHSA-rg3m-hqc5-344v","reference_id":"GHSA-rg3m-hqc5-344v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rg3m-hqc5-344v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41224","CVE-2021-41224","GHSA-rg3m-hqc5-344v","PYSEC-2021-416","PYSEC-2021-633","PYSEC-2021-831"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g423-bnfj-kybz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8268?format=json","vulnerability_id":"VCID-g8er-52ns-j7b1","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21728","reference_id":"","reference_type":"","scores":[{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.78127","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21728"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-52.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-52.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-107.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-107.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21728","reference_id":"CVE-2022-21728","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21728"},{"reference_url":"https://github.com/advisories/GHSA-6gmv-pjp9-p8w8","reference_id":"GHSA-6gmv-pjp9-p8w8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6gmv-pjp9-p8w8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21728","CVE-2022-21728","GHSA-6gmv-pjp9-p8w8","PYSEC-2022-107","PYSEC-2022-52"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8er-52ns-j7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8297?format=json","vulnerability_id":"VCID-g8ts-ghhv-33e3","summary":"Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23580","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5366","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23580"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23580","reference_id":"CVE-2022-23580","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23580"},{"reference_url":"https://github.com/advisories/GHSA-627q-g293-49q7","reference_id":"GHSA-627q-g293-49q7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-627q-g293-49q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23580","CVE-2022-23580","GHSA-627q-g293-49q7","PYSEC-2022-144","PYSEC-2022-89"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ts-ghhv-33e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3238?format=json","vulnerability_id":"VCID-gbft-tx74-wkhf","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41210","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41210"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-619.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-619.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-817.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-817.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-402.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-402.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41210","reference_id":"CVE-2021-41210","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41210"},{"reference_url":"https://github.com/advisories/GHSA-m342-ff57-4jcc","reference_id":"GHSA-m342-ff57-4jcc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m342-ff57-4jcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41210","CVE-2021-41210","GHSA-m342-ff57-4jcc","PYSEC-2021-402","PYSEC-2021-619","PYSEC-2021-817"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbft-tx74-wkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8278?format=json","vulnerability_id":"VCID-gg98-zkw8-5ben","summary":"Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21725","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21725"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:17Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21725","reference_id":"CVE-2022-21725","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21725"},{"reference_url":"https://github.com/advisories/GHSA-v3f7-j968-4h5f","reference_id":"GHSA-v3f7-j968-4h5f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3f7-j968-4h5f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21725","CVE-2022-21725","GHSA-v3f7-j968-4h5f","PYSEC-2022-104","PYSEC-2022-49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg98-zkw8-5ben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8303?format=json","vulnerability_id":"VCID-hujj-6vv2-u3c2","summary":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23583","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52084","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23583"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23583","reference_id":"CVE-2022-23583","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23583"},{"reference_url":"https://github.com/advisories/GHSA-gjqc-q9g6-q2j3","reference_id":"GHSA-gjqc-q9g6-q2j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjqc-q9g6-q2j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23583","CVE-2022-23583","GHSA-gjqc-q9g6-q2j3","PYSEC-2022-147","PYSEC-2022-92"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hujj-6vv2-u3c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8309?format=json","vulnerability_id":"VCID-jdud-ufqp-4yg5","summary":"Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23591","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56558","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23591"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:48Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:48Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23591","reference_id":"CVE-2022-23591","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23591"},{"reference_url":"https://github.com/advisories/GHSA-247x-2f9f-5wp7","reference_id":"GHSA-247x-2f9f-5wp7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-247x-2f9f-5wp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23591","CVE-2022-23591","GHSA-247x-2f9f-5wp7","PYSEC-2022-100","PYSEC-2022-155"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdud-ufqp-4yg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3232?format=json","vulnerability_id":"VCID-kupu-frrt-pqen","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41216","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0578","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41216"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-625.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-625.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-823.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-823.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-408.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-408.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/ops/array_ops.cc#L121-L185","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/ops/array_ops.cc#L121-L185"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41216","reference_id":"CVE-2021-41216","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41216"},{"reference_url":"https://github.com/advisories/GHSA-3ff2-r28g-w7h9","reference_id":"GHSA-3ff2-r28g-w7h9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3ff2-r28g-w7h9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41216","CVE-2021-41216","GHSA-3ff2-r28g-w7h9","PYSEC-2021-408","PYSEC-2021-625","PYSEC-2021-823"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kupu-frrt-pqen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8279?format=json","vulnerability_id":"VCID-ky4u-eny7-33fy","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21729","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21729"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-53.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-53.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-108.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-108.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/unravel_index_op.cc#L36-L135"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21729","reference_id":"CVE-2022-21729","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21729"},{"reference_url":"https://github.com/advisories/GHSA-34f9-hjfq-rr8j","reference_id":"GHSA-34f9-hjfq-rr8j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34f9-hjfq-rr8j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21729","CVE-2022-21729","GHSA-34f9-hjfq-rr8j","PYSEC-2022-108","PYSEC-2022-53"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ky4u-eny7-33fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8298?format=json","vulnerability_id":"VCID-m4na-tgrp-d7fk","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23576","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23576"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-85.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-140.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-140.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:40Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23576","reference_id":"CVE-2022-23576","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23576"},{"reference_url":"https://github.com/advisories/GHSA-wm93-f238-7v37","reference_id":"GHSA-wm93-f238-7v37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wm93-f238-7v37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23576","CVE-2022-23576","GHSA-wm93-f238-7v37","PYSEC-2022-140","PYSEC-2022-85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4na-tgrp-d7fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8291?format=json","vulnerability_id":"VCID-mtqg-yga8-eqeu","summary":"Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23581","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65178","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23581"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23581","reference_id":"CVE-2022-23581","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23581"},{"reference_url":"https://github.com/advisories/GHSA-fq86-3f29-px2c","reference_id":"GHSA-fq86-3f29-px2c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fq86-3f29-px2c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23581","CVE-2022-23581","GHSA-fq86-3f29-px2c","PYSEC-2022-145","PYSEC-2022-90"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtqg-yga8-eqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3245?format=json","vulnerability_id":"VCID-myjm-gbbc-qucg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41203","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05388","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41203"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-613.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-613.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-811.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-811.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-396.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-396.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41203","reference_id":"CVE-2021-41203","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41203"},{"reference_url":"https://github.com/advisories/GHSA-7pxj-m4jf-r6h2","reference_id":"GHSA-7pxj-m4jf-r6h2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7pxj-m4jf-r6h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41203","CVE-2021-41203","GHSA-7pxj-m4jf-r6h2","PYSEC-2021-396","PYSEC-2021-613","PYSEC-2021-811"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myjm-gbbc-qucg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8301?format=json","vulnerability_id":"VCID-n62z-1akp-ebck","summary":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23584","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4871","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23584"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23584","reference_id":"CVE-2022-23584","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23584"},{"reference_url":"https://github.com/advisories/GHSA-24x4-6qmh-88qg","reference_id":"GHSA-24x4-6qmh-88qg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-24x4-6qmh-88qg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23584","CVE-2022-23584","GHSA-24x4-6qmh-88qg","PYSEC-2022-148","PYSEC-2022-93"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n62z-1akp-ebck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3226?format=json","vulnerability_id":"VCID-nfr9-fgdn-4kh8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41222","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41222"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-631.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-631.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-829.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-829.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-414.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-414.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41222","reference_id":"CVE-2021-41222","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41222"},{"reference_url":"https://github.com/advisories/GHSA-cpf4-wx82-gxp6","reference_id":"GHSA-cpf4-wx82-gxp6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cpf4-wx82-gxp6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41222","CVE-2021-41222","GHSA-cpf4-wx82-gxp6","PYSEC-2021-414","PYSEC-2021-631","PYSEC-2021-829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfr9-fgdn-4kh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8315?format=json","vulnerability_id":"VCID-ngkq-s26c-qkfj","summary":"Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23589","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53639","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23589"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23589","reference_id":"CVE-2022-23589","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23589"},{"reference_url":"https://github.com/advisories/GHSA-9px9-73fg-3fqp","reference_id":"GHSA-9px9-73fg-3fqp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9px9-73fg-3fqp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23589","CVE-2022-23589","GHSA-9px9-73fg-3fqp","PYSEC-2022-153","PYSEC-2022-98"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngkq-s26c-qkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8317?format=json","vulnerability_id":"VCID-pe9p-a7nn-8bhj","summary":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23582","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23582"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23582","reference_id":"CVE-2022-23582","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23582"},{"reference_url":"https://github.com/advisories/GHSA-4j82-5ccr-4r8v","reference_id":"GHSA-4j82-5ccr-4r8v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4j82-5ccr-4r8v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23582","CVE-2022-23582","GHSA-4j82-5ccr-4r8v","PYSEC-2022-146","PYSEC-2022-91"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pe9p-a7nn-8bhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8293?format=json","vulnerability_id":"VCID-q4zv-syab-bbh8","summary":"Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23558","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.6033","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23558"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-67.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-67.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-122.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-122.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L24-L33"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/c/common.c#L53-L60"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23558","reference_id":"CVE-2022-23558","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23558"},{"reference_url":"https://github.com/advisories/GHSA-9gwq-6cwj-47h3","reference_id":"GHSA-9gwq-6cwj-47h3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gwq-6cwj-47h3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23558","CVE-2022-23558","GHSA-9gwq-6cwj-47h3","PYSEC-2022-122","PYSEC-2022-67"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4zv-syab-bbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3251?format=json","vulnerability_id":"VCID-qdnt-cg25-5kdx","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41197","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06691","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41197"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-607.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-607.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-805.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-805.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-390.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-390.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46890","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46890"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/51908","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/51908"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41197","reference_id":"CVE-2021-41197","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41197"},{"reference_url":"https://github.com/advisories/GHSA-prcg-wp5q-rv7p","reference_id":"GHSA-prcg-wp5q-rv7p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prcg-wp5q-rv7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41197","CVE-2021-41197","GHSA-prcg-wp5q-rv7p","PYSEC-2021-390","PYSEC-2021-607","PYSEC-2021-805"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdnt-cg25-5kdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8304?format=json","vulnerability_id":"VCID-qgr6-bqrc-puhs","summary":"Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23560","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53147","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23560"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-69.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-69.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-124.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-124.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23560","reference_id":"CVE-2022-23560","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23560"},{"reference_url":"https://github.com/advisories/GHSA-4hvf-hxvg-f67v","reference_id":"GHSA-4hvf-hxvg-f67v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hvf-hxvg-f67v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23560","CVE-2022-23560","GHSA-4hvf-hxvg-f67v","PYSEC-2022-124","PYSEC-2022-69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgr6-bqrc-puhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3252?format=json","vulnerability_id":"VCID-qvnc-gzf6-y3f3","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41196","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15532","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41196"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-606.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-606.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-804.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-804.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-389.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-389.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/51936","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/51936"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41196","reference_id":"CVE-2021-41196","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41196"},{"reference_url":"https://github.com/advisories/GHSA-m539-j985-hcr8","reference_id":"GHSA-m539-j985-hcr8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m539-j985-hcr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41196","CVE-2021-41196","GHSA-m539-j985-hcr8","PYSEC-2021-389","PYSEC-2021-606","PYSEC-2021-804"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvnc-gzf6-y3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8274?format=json","vulnerability_id":"VCID-qxqd-f1bw-y7h4","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21732","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21732"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-56.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-111.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-111.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T17:14:02Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21732","reference_id":"CVE-2022-21732","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21732"},{"reference_url":"https://github.com/advisories/GHSA-c582-c96p-r5cq","reference_id":"GHSA-c582-c96p-r5cq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c582-c96p-r5cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21732","CVE-2022-21732","GHSA-c582-c96p-r5cq","PYSEC-2022-111","PYSEC-2022-56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxqd-f1bw-y7h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3230?format=json","vulnerability_id":"VCID-rkx2-5nyj-bbhu","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41218","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41218"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-627.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-627.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-825.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-825.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-410.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-410.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41218","reference_id":"CVE-2021-41218","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41218"},{"reference_url":"https://github.com/advisories/GHSA-9crf-c6qr-r273","reference_id":"GHSA-9crf-c6qr-r273","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9crf-c6qr-r273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41218","CVE-2021-41218","GHSA-9crf-c6qr-r273","PYSEC-2021-410","PYSEC-2021-627","PYSEC-2021-825"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx2-5nyj-bbhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3235?format=json","vulnerability_id":"VCID-rr2a-8jrx-6ue8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41213","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13618","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41213"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-622.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-622.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-820.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-820.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-405.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-405.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41213","reference_id":"CVE-2021-41213","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41213"},{"reference_url":"https://github.com/advisories/GHSA-h67m-xg8f-fxcf","reference_id":"GHSA-h67m-xg8f-fxcf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h67m-xg8f-fxcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41213","CVE-2021-41213","GHSA-h67m-xg8f-fxcf","PYSEC-2021-405","PYSEC-2021-622","PYSEC-2021-820"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr2a-8jrx-6ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8271?format=json","vulnerability_id":"VCID-rsau-jvcr-uudd","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21736","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56243","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21736"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L227-L292","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L227-L292"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:19Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21736","reference_id":"CVE-2022-21736","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21736"},{"reference_url":"https://github.com/advisories/GHSA-pfjj-m3jj-9jc9","reference_id":"GHSA-pfjj-m3jj-9jc9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfjj-m3jj-9jc9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21736","CVE-2022-21736","GHSA-pfjj-m3jj-9jc9","PYSEC-2022-115","PYSEC-2022-60"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsau-jvcr-uudd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8313?format=json","vulnerability_id":"VCID-rt4b-xxm6-xubs","summary":"Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23590","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47086","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23590"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23590","reference_id":"CVE-2022-23590","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23590"},{"reference_url":"https://github.com/advisories/GHSA-pqrv-8r2f-7278","reference_id":"GHSA-pqrv-8r2f-7278","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pqrv-8r2f-7278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23590","CVE-2022-23590","GHSA-pqrv-8r2f-7278","PYSEC-2022-154","PYSEC-2022-99"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rt4b-xxm6-xubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3223?format=json","vulnerability_id":"VCID-rujq-67w1-u3g7","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41225","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05281","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41225"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-634.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-634.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-832.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-832.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-417.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-417.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41225","reference_id":"CVE-2021-41225","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41225"},{"reference_url":"https://github.com/advisories/GHSA-7r94-xv9v-63jw","reference_id":"GHSA-7r94-xv9v-63jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7r94-xv9v-63jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41225","CVE-2021-41225","GHSA-7r94-xv9v-63jw","PYSEC-2021-417","PYSEC-2021-634","PYSEC-2021-832"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rujq-67w1-u3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3233?format=json","vulnerability_id":"VCID-sb7m-pngm-5fbj","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41215","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41215"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-624.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-624.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-822.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-822.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-407.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-407.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41215","reference_id":"CVE-2021-41215","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41215"},{"reference_url":"https://github.com/advisories/GHSA-x3v8-c8qx-3j3r","reference_id":"GHSA-x3v8-c8qx-3j3r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x3v8-c8qx-3j3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41215","CVE-2021-41215","GHSA-x3v8-c8qx-3j3r","PYSEC-2021-407","PYSEC-2021-624","PYSEC-2021-822"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb7m-pngm-5fbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3242?format=json","vulnerability_id":"VCID-sf59-u7jt-4bd5","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41206","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01184","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41206"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-845.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-845.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-847.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-847.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-843.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-843.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41206","reference_id":"CVE-2021-41206","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41206"},{"reference_url":"https://github.com/advisories/GHSA-pgcq-h79j-2f69","reference_id":"GHSA-pgcq-h79j-2f69","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgcq-h79j-2f69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"}],"aliases":["BIT-tensorflow-2021-41206","CVE-2021-41206","GHSA-pgcq-h79j-2f69","PYSEC-2021-843","PYSEC-2021-845","PYSEC-2021-847"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf59-u7jt-4bd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8314?format=json","vulnerability_id":"VCID-ugta-nt2s-27fk","summary":"Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23572","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66571","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23572"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-81.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-136.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-136.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7b"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:50:10Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23572","reference_id":"CVE-2022-23572","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23572"},{"reference_url":"https://github.com/advisories/GHSA-rww7-2gpw-fv6j","reference_id":"GHSA-rww7-2gpw-fv6j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rww7-2gpw-fv6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23572","CVE-2022-23572","GHSA-rww7-2gpw-fv6j","PYSEC-2022-136","PYSEC-2022-81"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugta-nt2s-27fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8319?format=json","vulnerability_id":"VCID-v2nf-1526-nkbp","summary":"Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23565","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23565"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23565","reference_id":"CVE-2022-23565","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23565"},{"reference_url":"https://github.com/advisories/GHSA-4v5p-v5h9-6xjx","reference_id":"GHSA-4v5p-v5h9-6xjx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4v5p-v5h9-6xjx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23565","CVE-2022-23565","GHSA-4v5p-v5h9-6xjx","PYSEC-2022-129","PYSEC-2022-74"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nf-1526-nkbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8299?format=json","vulnerability_id":"VCID-vfgz-fss4-wbgu","summary":"Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23574","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53147","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23574"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:44:49Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23574","reference_id":"CVE-2022-23574","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23574"},{"reference_url":"https://github.com/advisories/GHSA-77gp-3h4r-6428","reference_id":"GHSA-77gp-3h4r-6428","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77gp-3h4r-6428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23574","CVE-2022-23574","GHSA-77gp-3h4r-6428","PYSEC-2022-138","PYSEC-2022-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfgz-fss4-wbgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8306?format=json","vulnerability_id":"VCID-vgv7-xc3c-1fb3","summary":"Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23564","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23564"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-73.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-73.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-128.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-128.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:10Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:10Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23564","reference_id":"CVE-2022-23564","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23564"},{"reference_url":"https://github.com/advisories/GHSA-8rcj-c8pj-v3m3","reference_id":"GHSA-8rcj-c8pj-v3m3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rcj-c8pj-v3m3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23564","CVE-2022-23564","GHSA-8rcj-c8pj-v3m3","PYSEC-2022-128","PYSEC-2022-73"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgv7-xc3c-1fb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8270?format=json","vulnerability_id":"VCID-vnn5-y8ez-rub9","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23568","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53888","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23568"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:24Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23568","reference_id":"CVE-2022-23568","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23568"},{"reference_url":"https://github.com/advisories/GHSA-6445-fm66-fvq2","reference_id":"GHSA-6445-fm66-fvq2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6445-fm66-fvq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23568","CVE-2022-23568","GHSA-6445-fm66-fvq2","PYSEC-2022-132","PYSEC-2022-77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnn5-y8ez-rub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8282?format=json","vulnerability_id":"VCID-vpyd-he5n-b3a4","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21739","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44697","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21739"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-63.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-63.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-118.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-118.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/quantized_pooling_ops.cc#L114-L130"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21739","reference_id":"CVE-2022-21739","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21739"},{"reference_url":"https://github.com/advisories/GHSA-3mw4-6rj6-74g5","reference_id":"GHSA-3mw4-6rj6-74g5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3mw4-6rj6-74g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21739","CVE-2022-21739","GHSA-3mw4-6rj6-74g5","PYSEC-2022-118","PYSEC-2022-63"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpyd-he5n-b3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8288?format=json","vulnerability_id":"VCID-vqxg-mnz4-13cg","summary":"Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23570","reference_id":"","reference_type":"","scores":[{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66643","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23570"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-79.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-79.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-134.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-134.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L104-L106"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8a513cec4bec15961fbfdedcaa5376522980455c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8a513cec4bec15961fbfdedcaa5376522980455c"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9p77-mmrw-69c7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:57Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9p77-mmrw-69c7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23570","reference_id":"CVE-2022-23570","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23570"},{"reference_url":"https://github.com/advisories/GHSA-9p77-mmrw-69c7","reference_id":"GHSA-9p77-mmrw-69c7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9p77-mmrw-69c7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23570","CVE-2022-23570","GHSA-9p77-mmrw-69c7","PYSEC-2022-134","PYSEC-2022-79"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxg-mnz4-13cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3240?format=json","vulnerability_id":"VCID-w2ns-kqmv-xfan","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41208","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01882","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41208"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-617.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-617.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-815.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-815.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-400.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-400.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41208","reference_id":"CVE-2021-41208","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41208"},{"reference_url":"https://github.com/advisories/GHSA-57wx-m983-2f88","reference_id":"GHSA-57wx-m983-2f88","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57wx-m983-2f88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41208","CVE-2021-41208","GHSA-57wx-m983-2f88","PYSEC-2021-400","PYSEC-2021-617","PYSEC-2021-815"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2ns-kqmv-xfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8305?format=json","vulnerability_id":"VCID-x2t2-4sa6-qygs","summary":"Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23561","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38678","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23561"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-70.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-70.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-125.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-125.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23561","reference_id":"CVE-2022-23561","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23561"},{"reference_url":"https://github.com/advisories/GHSA-9c78-vcq7-7vxq","reference_id":"GHSA-9c78-vcq7-7vxq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c78-vcq7-7vxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23561","CVE-2022-23561","GHSA-9c78-vcq7-7vxq","PYSEC-2022-125","PYSEC-2022-70"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2t2-4sa6-qygs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8295?format=json","vulnerability_id":"VCID-x5x3-2cyz-xbhe","summary":"Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23578","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4199","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23578"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-87.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-142.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23578","reference_id":"CVE-2022-23578","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23578"},{"reference_url":"https://github.com/advisories/GHSA-8r7c-3cm2-3h8f","reference_id":"GHSA-8r7c-3cm2-3h8f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8r7c-3cm2-3h8f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-23578","CVE-2022-23578","GHSA-8r7c-3cm2-3h8f","PYSEC-2022-142","PYSEC-2022-87"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x3-2cyz-xbhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3247?format=json","vulnerability_id":"VCID-xbt8-r95u-sqbu","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41201","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06636","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41201"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-611.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-611.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-809.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-809.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-394.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-394.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41201","reference_id":"CVE-2021-41201","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41201"},{"reference_url":"https://github.com/advisories/GHSA-j86v-p27c-73fm","reference_id":"GHSA-j86v-p27c-73fm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j86v-p27c-73fm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41201","CVE-2021-41201","GHSA-j86v-p27c-73fm","PYSEC-2021-394","PYSEC-2021-611","PYSEC-2021-809"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbt8-r95u-sqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14882?format=json","vulnerability_id":"VCID-xn72-z6kg-q7bp","summary":"Integer Overflow or Wraparound in TensorFlow\n### Impact\nThe Grappler component of TensorFlow is vulnerable to a denial of service via `CHECK`-failure  in constant folding  for ;\n    // ...\n  }\n```\n  \nThe `output_prop` tensor has a shape that is controlled by user input and this can result in triggering one of the `CHECK`s in the `PartialTensorShape` constructor. This is an instance of TFSA-2021-198 .\n\n### Patches\nWe have patched the issue in GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058 fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide] for more information regarding the security model and how to contact us with issues and questions.","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/be7b286d40bc68cb0b56f702186cc4837d508058","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/be7b286d40bc68cb0b56f702186cc4837d508058"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"},{"reference_url":"https://github.com/advisories/GHSA-wcv5-vrvr-3rx2","reference_id":"GHSA-wcv5-vrvr-3rx2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcv5-vrvr-3rx2"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2","reference_id":"GHSA-wcv5-vrvr-3rx2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["GHSA-wcv5-vrvr-3rx2","GMS-2022-50","GMS-2022-53","GMS-2022-56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xn72-z6kg-q7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3236?format=json","vulnerability_id":"VCID-y7hx-h69v-wfcy","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41212","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41212"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-621.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-621.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-819.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-819.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-404.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-404.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41212","reference_id":"CVE-2021-41212","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41212"},{"reference_url":"https://github.com/advisories/GHSA-fr77-rrx3-cp7g","reference_id":"GHSA-fr77-rrx3-cp7g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fr77-rrx3-cp7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23654?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-1hbp-9n5x-tyda"},{"vulnerability":"VCID-2tx7-szke-f7d8"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-41ax-nrcf-yygf"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-4fcy-hbcs-cuan"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-62er-23uz-6qgu"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-7uu3-mfan-4ue5"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-8zqb-tqfq-7ud7"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-b4hf-5gqs-yfbw"},{"vulnerability":"VCID-bn6z-c98v-n7bf"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d1hw-1fdb-kfhq"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-exym-4mq2-rkbj"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g5zp-g143-a3hk"},{"vulnerability":"VCID-g7ud-1f9c-u7bn"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-gh9u-ufcn-6khx"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-jg5r-hv3s-kuh3"},{"vulnerability":"VCID-k3rw-xwzv-1uer"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-mzvs-ne4v-4qh7"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rgug-8jmj-e7hw"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-s3fs-8v2b-zqem"},{"vulnerability":"VCID-sbpr-dnvt-x7eu"},{"vulnerability":"VCID-tru4-6hk6-yydu"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-uyv6-cmed-a7c3"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-wfh9-ew6v-nyhy"},{"vulnerability":"VCID-ww95-y388-3ben"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-xn72-z6kg-q7bp"},{"vulnerability":"VCID-y8ed-ynrx-37af"},{"vulnerability":"VCID-yvag-32h1-yfc5"},{"vulnerability":"VCID-yvef-kyv2-qbea"},{"vulnerability":"VCID-yx57-74vr-rfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.0"}],"aliases":["BIT-tensorflow-2021-41212","CVE-2021-41212","GHSA-fr77-rrx3-cp7g","PYSEC-2021-404","PYSEC-2021-621","PYSEC-2021-819"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7hx-h69v-wfcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14907?format=json","vulnerability_id":"VCID-y8ed-ynrx-37af","summary":"Improper Validation of Integrity Check Value in TensorFlow\nThe implementation of `tf.sparse.split` does not fully validate the input arguments.","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/61bf91e768173b001d56923600b40d9a95a04ad5","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/61bf91e768173b001d56923600b40d9a95a04ad5"},{"reference_url":"https://github.com/tensorflow/tensorflow/pull/53695","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/pull/53695"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69"},{"reference_url":"https://github.com/advisories/GHSA-43q8-3fv7-pr5x","reference_id":"GHSA-43q8-3fv7-pr5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43q8-3fv7-pr5x"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x","reference_id":"GHSA-43q8-3fv7-pr5x","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["GHSA-43q8-3fv7-pr5x","GMS-2022-48","GMS-2022-51","GMS-2022-54"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8ed-ynrx-37af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3253?format=json","vulnerability_id":"VCID-yh43-ndzp-4ue9","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41195","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11785","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41195"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-844.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-844.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-846.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-846.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-842.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-842.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e9c81c1e1a9cd8dd31f4e83676cab61b60658429","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/e9c81c1e1a9cd8dd31f4e83676cab61b60658429"},{"reference_url":"https://github.com/tensorflow/tensorflow/issues/46888","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/issues/46888"},{"reference_url":"https://github.com/tensorflow/tensorflow/pull/51733","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/pull/51733"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh"},{"reference_url":"https://security.archlinux.org/AVG-2529","reference_id":"AVG-2529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41195","reference_id":"CVE-2021-41195","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41195"},{"reference_url":"https://github.com/advisories/GHSA-cq76-mxrc-vchh","reference_id":"GHSA-cq76-mxrc-vchh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cq76-mxrc-vchh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23653?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qd-d7c7-sbdm"},{"vulnerability":"VCID-145d-k5w3-tfgz"},{"vulnerability":"VCID-15nt-6tff-k7gb"},{"vulnerability":"VCID-1ah5-hm7a-ykep"},{"vulnerability":"VCID-39ck-bm9t-kqhs"},{"vulnerability":"VCID-3czq-3twf-skcg"},{"vulnerability":"VCID-3g5a-5csn-h3d9"},{"vulnerability":"VCID-466y-e26r-rka4"},{"vulnerability":"VCID-5tpp-sf62-zycs"},{"vulnerability":"VCID-6888-uhtp-8ub6"},{"vulnerability":"VCID-6gnj-az99-h7b4"},{"vulnerability":"VCID-83pe-ztey-dbf4"},{"vulnerability":"VCID-97cs-4kx3-37gm"},{"vulnerability":"VCID-9arh-a8wj-wka6"},{"vulnerability":"VCID-akmu-fas1-33h6"},{"vulnerability":"VCID-axj7-aq9m-rqdu"},{"vulnerability":"VCID-ccv1-pgda-r7ba"},{"vulnerability":"VCID-cwvm-wntu-tfck"},{"vulnerability":"VCID-d3dc-su6w-s3ag"},{"vulnerability":"VCID-egc6-6pwr-fyej"},{"vulnerability":"VCID-en5f-xtha-cyhp"},{"vulnerability":"VCID-ev23-kazv-nkas"},{"vulnerability":"VCID-ev84-gxjn-6bf1"},{"vulnerability":"VCID-eyqx-7k24-zfhq"},{"vulnerability":"VCID-f25m-udat-n3fd"},{"vulnerability":"VCID-f3cx-k63z-7qde"},{"vulnerability":"VCID-fggx-3rzd-8kf5"},{"vulnerability":"VCID-g8er-52ns-j7b1"},{"vulnerability":"VCID-g8ts-ghhv-33e3"},{"vulnerability":"VCID-gg98-zkw8-5ben"},{"vulnerability":"VCID-hujj-6vv2-u3c2"},{"vulnerability":"VCID-jdud-ufqp-4yg5"},{"vulnerability":"VCID-ky4u-eny7-33fy"},{"vulnerability":"VCID-m4na-tgrp-d7fk"},{"vulnerability":"VCID-mtqg-yga8-eqeu"},{"vulnerability":"VCID-n62z-1akp-ebck"},{"vulnerability":"VCID-ngkq-s26c-qkfj"},{"vulnerability":"VCID-pe9p-a7nn-8bhj"},{"vulnerability":"VCID-q4zv-syab-bbh8"},{"vulnerability":"VCID-qgr6-bqrc-puhs"},{"vulnerability":"VCID-qxqd-f1bw-y7h4"},{"vulnerability":"VCID-rsau-jvcr-uudd"},{"vulnerability":"VCID-rt4b-xxm6-xubs"},{"vulnerability":"VCID-ugta-nt2s-27fk"},{"vulnerability":"VCID-v2nf-1526-nkbp"},{"vulnerability":"VCID-vfgz-fss4-wbgu"},{"vulnerability":"VCID-vgv7-xc3c-1fb3"},{"vulnerability":"VCID-vnn5-y8ez-rub9"},{"vulnerability":"VCID-vpyd-he5n-b3a4"},{"vulnerability":"VCID-vqxg-mnz4-13cg"},{"vulnerability":"VCID-x2t2-4sa6-qygs"},{"vulnerability":"VCID-x5x3-2cyz-xbhe"},{"vulnerability":"VCID-yvag-32h1-yfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.1"}],"aliases":["BIT-tensorflow-2021-41195","CVE-2021-41195","GHSA-cq76-mxrc-vchh","PYSEC-2021-842","PYSEC-2021-844","PYSEC-2021-846"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yh43-ndzp-4ue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8284?format=json","vulnerability_id":"VCID-yvag-32h1-yfc5","summary":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21740","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54726","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21740"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21740","reference_id":"CVE-2022-21740","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21740"},{"reference_url":"https://github.com/advisories/GHSA-44qp-9wwf-734r","reference_id":"GHSA-44qp-9wwf-734r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44qp-9wwf-734r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["BIT-tensorflow-2022-21740","CVE-2022-21740","GHSA-44qp-9wwf-734r","PYSEC-2022-119","PYSEC-2022-64"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvag-32h1-yfc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14904?format=json","vulnerability_id":"VCID-yvef-kyv2-qbea","summary":"NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow\n### Impact \nThe code for boosted trees in TensorFlow is still missing validation. This allows malicious users to read and write outside of bounds of heap allocated data as well as trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures).\n\nThis follows after CVE-2021-41208 where these APIs were still vulnerable to multiple security issues.\n\n**Note**: Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs.  Instead, please use the downstream [TensorFlow Decision Forests] project which is newer and supports more features. \n  \nThese APIs are now deprecated in TensorFlow 2.8. We will remove TensorFlow's boosted trees APIs in subsequent releases.\n  \n### Patches\nWe have patched the known issues in multiple GitHub commits.\n  \nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nThis should allow users to use existing boosted trees APIs for a while until they migrate to TensorFlow Decision Forests while guaranteeing that known vulnerabilities are fixed.\n\n### For more information\nPlease consult our security guide for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThese vulnerabilities have been reported by Yu Tian of Qihoo 360 AIVul Team and Faysal Hossain Shezan from University of Virginia. Some of the issues have been discovered internally after a careful audit of the APIs.","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88"},{"reference_url":"https://github.com/advisories/GHSA-h6gw-r52c-724r","reference_id":"GHSA-h6gw-r52c-724r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6gw-r52c-724r"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r","reference_id":"GHSA-h6gw-r52c-724r","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25366?format=json","purl":"pkg:pypi/tensorflow-cpu@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt4b-xxm6-xubs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/25370?format=json","purl":"pkg:pypi/tensorflow-cpu@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffkg-sa3q-8qfq"},{"vulnerability":"VCID-uyv6-cmed-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.7.1"}],"aliases":["GHSA-h6gw-r52c-724r","GMS-2022-49","GMS-2022-52","GMS-2022-55"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvef-kyv2-qbea"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@2.6.0"}