{"url":"http://public2.vulnerablecode.io/api/packages/26604?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.0rc0","type":"pypi","namespace":"","name":"tensorflow-gpu","version":"2.8.0rc0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102271?format=json","vulnerability_id":"VCID-1b48-dfec-4ycn","summary":"TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41907","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.351","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35042","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35137","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35152","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35114","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35079","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41907"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:43Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41907","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41907"},{"reference_url":"https://github.com/advisories/GHSA-368v-7v32-52fx","reference_id":"GHSA-368v-7v32-52fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-368v-7v32-52fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41907","GHSA-368v-7v32-52fx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b48-dfec-4ycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44733?format=json","vulnerability_id":"VCID-1jte-hpg7-gydx","summary":"Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25669","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4283","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4287","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25669"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25669"},{"reference_url":"https://github.com/advisories/GHSA-rcf8-g8jv-vg6p","reference_id":"GHSA-rcf8-g8jv-vg6p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rcf8-g8jv-vg6p"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p","reference_id":"GHSA-rcf8-g8jv-vg6p","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25669","GHSA-rcf8-g8jv-vg6p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102274?format=json","vulnerability_id":"VCID-1xee-v43t-c7c4","summary":"TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41910","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55599","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5565","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55649","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41910"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41910","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41910"},{"reference_url":"https://github.com/advisories/GHSA-frqp-wp83-qggv","reference_id":"GHSA-frqp-wp83-qggv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frqp-wp83-qggv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41910","GHSA-frqp-wp83-qggv","GMS-2022-6997","GMS-2022-7005","GMS-2022-7013"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xee-v43t-c7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44739?format=json","vulnerability_id":"VCID-36ey-jnev-qqf8","summary":"Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25666","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17098","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17074","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17056","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17135","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1717","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17174","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25666"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25666","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25666"},{"reference_url":"https://github.com/advisories/GHSA-f637-vh3r-vfh2","reference_id":"GHSA-f637-vh3r-vfh2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f637-vh3r-vfh2"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2","reference_id":"GHSA-f637-vh3r-vfh2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25666","GHSA-f637-vh3r-vfh2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55592?format=json","vulnerability_id":"VCID-37j3-cnw5-4fch","summary":"TensorFlow has segfault in array_ops.upper_bound\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33976","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11172","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11156","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11278","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33976"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33976","reference_id":"CVE-2023-33976","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33976"},{"reference_url":"https://github.com/advisories/GHSA-gjh7-xx4r-x345","reference_id":"GHSA-gjh7-xx4r-x345","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjh7-xx4r-x345"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345","reference_id":"GHSA-gjh7-xx4r-x345","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82289?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.1"}],"aliases":["CVE-2023-33976","GHSA-gjh7-xx4r-x345"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102254?format=json","vulnerability_id":"VCID-42t9-hpd3-hufy","summary":"TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41886","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35257","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35313","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35277","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35236","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41886"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41886","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41886"},{"reference_url":"https://github.com/advisories/GHSA-54pp-c6pp-7fpx","reference_id":"GHSA-54pp-c6pp-7fpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54pp-c6pp-7fpx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41886","GHSA-54pp-c6pp-7fpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42t9-hpd3-hufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102267?format=json","vulnerability_id":"VCID-6aey-qzrr-9qdk","summary":"TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41899","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35604","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41899"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:53Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41899","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41899"},{"reference_url":"https://github.com/advisories/GHSA-27rc-728f-x5w2","reference_id":"GHSA-27rc-728f-x5w2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27rc-728f-x5w2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41899","GHSA-27rc-728f-x5w2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aey-qzrr-9qdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44751?format=json","vulnerability_id":"VCID-6f4y-m6ca-nyf6","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25663","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42948","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42984","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42974","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4301","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43022","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25663"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25663"},{"reference_url":"https://github.com/advisories/GHSA-64jg-wjww-7c5w","reference_id":"GHSA-64jg-wjww-7c5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64jg-wjww-7c5w"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w","reference_id":"GHSA-64jg-wjww-7c5w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25663","GHSA-64jg-wjww-7c5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44736?format=json","vulnerability_id":"VCID-6yy3-r6mh-j3e8","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25665","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31244","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31234","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31211","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31243","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31278","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31312","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25665"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25665","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25665"},{"reference_url":"https://github.com/advisories/GHSA-558h-mq8x-7q9g","reference_id":"GHSA-558h-mq8x-7q9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-558h-mq8x-7q9g"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g","reference_id":"GHSA-558h-mq8x-7q9g","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25665","GHSA-558h-mq8x-7q9g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102270?format=json","vulnerability_id":"VCID-71dj-4wgv-dkfa","summary":"TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41902","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53077","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53052","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53113","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53121","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53102","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41902"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:08Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41902","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41902"},{"reference_url":"https://github.com/advisories/GHSA-cg88-rpvp-cjv5","reference_id":"GHSA-cg88-rpvp-cjv5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg88-rpvp-cjv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41902","GHSA-cg88-rpvp-cjv5","GMS-2022-6995","GMS-2022-7003","GMS-2022-7011"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71dj-4wgv-dkfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44752?format=json","vulnerability_id":"VCID-8nt4-mp8z-b3et","summary":"Double Free\nTensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25801","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25235","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25122","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25112","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25139","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2522","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25801","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25801"},{"reference_url":"https://github.com/advisories/GHSA-f49c-87jh-g47q","reference_id":"GHSA-f49c-87jh-g47q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f49c-87jh-g47q"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q","reference_id":"GHSA-f49c-87jh-g47q","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25801","GHSA-f49c-87jh-g47q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102260?format=json","vulnerability_id":"VCID-a2bj-bk9e-7fdw","summary":"TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41891","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35604","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41891"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:16Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41891","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41891"},{"reference_url":"https://github.com/advisories/GHSA-66vq-54fq-6jvv","reference_id":"GHSA-66vq-54fq-6jvv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66vq-54fq-6jvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41891","GHSA-66vq-54fq-6jvv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2bj-bk9e-7fdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=json","vulnerability_id":"VCID-b31k-j7yk-muhz","summary":"Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25668","reference_id":"","reference_type":"","scores":[{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81228","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81268","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81251","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81255","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81258","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81256","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25668"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25668","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25668"},{"reference_url":"https://github.com/advisories/GHSA-gw97-ff7c-9v96","reference_id":"GHSA-gw97-ff7c-9v96","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gw97-ff7c-9v96"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96","reference_id":"GHSA-gw97-ff7c-9v96","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25668","GHSA-gw97-ff7c-9v96"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102265?format=json","vulnerability_id":"VCID-bmq7-ywhj-w3ap","summary":"TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41897","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35257","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35313","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35277","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35236","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41897"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:01Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41897","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41897"},{"reference_url":"https://github.com/advisories/GHSA-f2w8-jw48-fr7j","reference_id":"GHSA-f2w8-jw48-fr7j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2w8-jw48-fr7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41897","GHSA-f2w8-jw48-fr7j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmq7-ywhj-w3ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44743?format=json","vulnerability_id":"VCID-c1qd-61t7-2fe3","summary":"Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25667","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43581","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43614","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43605","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43639","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43652","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25667","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25667"},{"reference_url":"https://github.com/advisories/GHSA-fqm2-gh8w-gr68","reference_id":"GHSA-fqm2-gh8w-gr68","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqm2-gh8w-gr68"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68","reference_id":"GHSA-fqm2-gh8w-gr68","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25667","GHSA-fqm2-gh8w-gr68"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44730?format=json","vulnerability_id":"VCID-cvdm-ubbq-63ew","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25660","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47259","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25660"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25660","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25660"},{"reference_url":"https://github.com/advisories/GHSA-qjqc-vqcf-5qvj","reference_id":"GHSA-qjqc-vqcf-5qvj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjqc-vqcf-5qvj"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj","reference_id":"GHSA-qjqc-vqcf-5qvj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25660","GHSA-qjqc-vqcf-5qvj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36005?format=json","vulnerability_id":"VCID-d3k4-z4f1-hfhy","summary":"Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23592","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55006","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55024","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55033","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55025","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23592"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-156.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:51:19Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23592","reference_id":"CVE-2022-23592","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23592"},{"reference_url":"https://github.com/advisories/GHSA-vq36-27g6-p492","reference_id":"GHSA-vq36-27g6-p492","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vq36-27g6-p492"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26606?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124y-9kpj-p7aj"},{"vulnerability":"VCID-1b48-dfec-4ycn"},{"vulnerability":"VCID-1fjg-c139-1yf1"},{"vulnerability":"VCID-1g5s-7at3-ckfn"},{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-1m8h-cgum-nkd2"},{"vulnerability":"VCID-1xee-v43t-c7c4"},{"vulnerability":"VCID-23fs-9e1j-tbdu"},{"vulnerability":"VCID-2ycd-39t1-zfhs"},{"vulnerability":"VCID-34ue-dphj-8ka5"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-3dgz-dzdx-8kgz"},{"vulnerability":"VCID-3ev9-u7cm-tbct"},{"vulnerability":"VCID-3jab-qtww-47eq"},{"vulnerability":"VCID-3kva-8fv8-ukaa"},{"vulnerability":"VCID-3rtn-hnmg-dugs"},{"vulnerability":"VCID-3v2x-fcff-2kfn"},{"vulnerability":"VCID-42t9-hpd3-hufy"},{"vulnerability":"VCID-4632-rf32-xfgg"},{"vulnerability":"VCID-4gct-hv2n-8fes"},{"vulnerability":"VCID-542f-yjje-zfad"},{"vulnerability":"VCID-5qdx-9g76-3ugr"},{"vulnerability":"VCID-5r5f-1mgp-x3hh"},{"vulnerability":"VCID-63yf-6n3f-uugw"},{"vulnerability":"VCID-6aey-qzrr-9qdk"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6fzx-5d86-fqcg"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-71dj-4wgv-dkfa"},{"vulnerability":"VCID-7qsc-g2q6-yyev"},{"vulnerability":"VCID-8h8c-hzce-sqby"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-9tbn-pjhn-5bdk"},{"vulnerability":"VCID-a2bj-bk9e-7fdw"},{"vulnerability":"VCID-a5ey-dfsw-vfaz"},{"vulnerability":"VCID-ac5u-fzwq-k3bk"},{"vulnerability":"VCID-adbe-gm2b-g7h4"},{"vulnerability":"VCID-an2q-1spn-gfgz"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-b51p-mfd9-fqge"},{"vulnerability":"VCID-b6g8-7vy6-gqh7"},{"vulnerability":"VCID-bckg-ymqp-eyg6"},{"vulnerability":"VCID-bhtq-drn4-pqfw"},{"vulnerability":"VCID-bjcs-f4yp-skc3"},{"vulnerability":"VCID-bmq7-ywhj-w3ap"},{"vulnerability":"VCID-budt-6suv-87fk"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-c7xx-8n31-dkd8"},{"vulnerability":"VCID-cnnv-k1mq-bycd"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-d1xg-zvu2-pfcf"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-dvpe-15m7-puh4"},{"vulnerability":"VCID-e8a2-ny5z-73au"},{"vulnerability":"VCID-efrr-vytn-nbfk"},{"vulnerability":"VCID-ekmw-8ekq-1bfq"},{"vulnerability":"VCID-eqjg-vnm4-pbgx"},{"vulnerability":"VCID-eqp9-vbjw-uye1"},{"vulnerability":"VCID-eseh-ekjx-yffk"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-f85h-49x9-7qdw"},{"vulnerability":"VCID-g5du-95mm-uqdv"},{"vulnerability":"VCID-ghqz-dfeq-rygz"},{"vulnerability":"VCID-gt24-f126-akej"},{"vulnerability":"VCID-gv1k-p9qb-qug3"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-h9va-2q1u-nfeq"},{"vulnerability":"VCID-hk5u-5r79-67ee"},{"vulnerability":"VCID-hm4p-s6xd-8uf5"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-juat-vtcr-xbg3"},{"vulnerability":"VCID-k2ms-13kz-4bgg"},{"vulnerability":"VCID-k3am-7v2s-xqb9"},{"vulnerability":"VCID-kafn-vb69-tub3"},{"vulnerability":"VCID-kb5d-pyxb-4fe9"},{"vulnerability":"VCID-kkbz-sb6d-nkb9"},{"vulnerability":"VCID-kzhb-zzzm-ebe1"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mpr8-1wz2-kfgv"},{"vulnerability":"VCID-mtkv-vxpu-m3fu"},{"vulnerability":"VCID-njmm-n794-tqcr"},{"vulnerability":"VCID-nkyd-wte8-zbc8"},{"vulnerability":"VCID-nn1z-3z62-5fby"},{"vulnerability":"VCID-nttr-e3uq-tbew"},{"vulnerability":"VCID-ppev-q19c-jfcd"},{"vulnerability":"VCID-pw2j-ex1f-wkgd"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-q8m1-bjce-67bd"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-qhtm-u49u-zyeg"},{"vulnerability":"VCID-qp8b-wyj4-h7e4"},{"vulnerability":"VCID-r11x-hcqs-cfgb"},{"vulnerability":"VCID-r14r-z3cv-1qa6"},{"vulnerability":"VCID-r3y2-x3nx-67ac"},{"vulnerability":"VCID-raep-npkq-b3fx"},{"vulnerability":"VCID-rdtn-n88f-pqas"},{"vulnerability":"VCID-rh99-4vre-gfde"},{"vulnerability":"VCID-rth4-8c4m-f3gd"},{"vulnerability":"VCID-scvf-p5ff-c3df"},{"vulnerability":"VCID-sevq-49gc-k3eh"},{"vulnerability":"VCID-shq8-1n4y-vkc5"},{"vulnerability":"VCID-t2dj-e6dk-m7f2"},{"vulnerability":"VCID-tuqw-n8ka-jfht"},{"vulnerability":"VCID-udmn-j2p9-xuez"},{"vulnerability":"VCID-uhxa-me3d-sbhj"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-urkj-g83d-xkh8"},{"vulnerability":"VCID-uucj-un2y-h7h8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-vpg8-m282-bbfb"},{"vulnerability":"VCID-vtgx-x9t1-eyb1"},{"vulnerability":"VCID-vxm3-72uk-zbb8"},{"vulnerability":"VCID-w316-z2dk-sbdy"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-wdks-wa1n-ckhx"},{"vulnerability":"VCID-wvbd-6s6n-fqdz"},{"vulnerability":"VCID-x2hf-a9qm-t3du"},{"vulnerability":"VCID-x7s3-qyrt-mbat"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-xuzj-9346-tuf3"},{"vulnerability":"VCID-ybth-xfxp-c7fu"},{"vulnerability":"VCID-yrtd-47vc-muff"},{"vulnerability":"VCID-yy9b-ymk2-5kea"},{"vulnerability":"VCID-zc2s-1rty-hyd9"},{"vulnerability":"VCID-zfqe-wftj-nke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0"}],"aliases":["BIT-tensorflow-2022-23592","CVE-2022-23592","GHSA-vq36-27g6-p492","PYSEC-2022-101","PYSEC-2022-156"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3k4-z4f1-hfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44746?format=json","vulnerability_id":"VCID-dftm-vs4w-kfag","summary":"Heap-based Buffer Overflow\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25664","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25581","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25577","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25568","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25626","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25674","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25683","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25664","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25664"},{"reference_url":"https://github.com/advisories/GHSA-6hg6-5c2q-7rcr","reference_id":"GHSA-6hg6-5c2q-7rcr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6hg6-5c2q-7rcr"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr","reference_id":"GHSA-6hg6-5c2q-7rcr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25664","GHSA-6hg6-5c2q-7rcr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102257?format=json","vulnerability_id":"VCID-dvpe-15m7-puh4","summary":"TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41889","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31038","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31103","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3107","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31036","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31003","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41889"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:23Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41889","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41889"},{"reference_url":"https://github.com/advisories/GHSA-xxcj-rhqg-m46g","reference_id":"GHSA-xxcj-rhqg-m46g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxcj-rhqg-m46g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41889","GHSA-xxcj-rhqg-m46g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvpe-15m7-puh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110201?format=json","vulnerability_id":"VCID-e8a2-ny5z-73au","summary":"`CHECK` failure in `SobolSample` via missing validation\n### Impact\nAnother instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf) and [02400ea266bd811fc016a848445de1bbff3a23a0](https://github.com/tensorflow/tensorflow/commit/02400ea266bd811fc016a848445de1bbff3a23a0)\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick both commits on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow 2.7.4 will have the first commit cherrypicked.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology\n- Pattarakrit Rattankul","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc"},{"reference_url":"https://github.com/advisories/GHSA-cqvq-fvhr-v6hc","reference_id":"GHSA-cqvq-fvhr-v6hc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cqvq-fvhr-v6hc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["GHSA-cqvq-fvhr-v6hc","GMS-2022-6996","GMS-2022-7004","GMS-2022-7012"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8a2-ny5z-73au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102269?format=json","vulnerability_id":"VCID-ekmw-8ekq-1bfq","summary":"TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41901","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52247","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52276","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52267","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57725","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57785","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57777","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41901"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41901","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41901"},{"reference_url":"https://github.com/advisories/GHSA-g9fm-r5mm-rf9f","reference_id":"GHSA-g9fm-r5mm-rf9f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9fm-r5mm-rf9f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41901","GHSA-g9fm-r5mm-rf9f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekmw-8ekq-1bfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102261?format=json","vulnerability_id":"VCID-eseh-ekjx-yffk","summary":"TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41893","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41235","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41282","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41286","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41255","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41225","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41893"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:13Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41893","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41893"},{"reference_url":"https://github.com/advisories/GHSA-67pf-62xr-q35m","reference_id":"GHSA-67pf-62xr-q35m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67pf-62xr-q35m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41893","GHSA-67pf-62xr-q35m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eseh-ekjx-yffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44731?format=json","vulnerability_id":"VCID-ev9c-cxzc-p7hb","summary":"Integer Overflow or Wraparound\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25662","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35456","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35503","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35485","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35524","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35562","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35551","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25662","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25662"},{"reference_url":"https://github.com/advisories/GHSA-7jvm-xxmr-v5cw","reference_id":"GHSA-7jvm-xxmr-v5cw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jvm-xxmr-v5cw"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw","reference_id":"GHSA-7jvm-xxmr-v5cw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25662","GHSA-7jvm-xxmr-v5cw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102251?format=json","vulnerability_id":"VCID-ghqz-dfeq-rygz","summary":"TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41884","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32381","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32421","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35155","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35169","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35134","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41884"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41884","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41884"},{"reference_url":"https://github.com/advisories/GHSA-jq6x-99hj-q636","reference_id":"GHSA-jq6x-99hj-q636","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jq6x-99hj-q636"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41884","GHSA-jq6x-99hj-q636"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghqz-dfeq-rygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44741?format=json","vulnerability_id":"VCID-h18h-987d-q7he","summary":"Incorrect Comparison\nTensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27579","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4283","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4287","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27579"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27579"},{"reference_url":"https://github.com/advisories/GHSA-5w96-866f-6rm8","reference_id":"GHSA-5w96-866f-6rm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5w96-866f-6rm8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8","reference_id":"GHSA-5w96-866f-6rm8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-27579","GHSA-5w96-866f-6rm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36015?format=json","vulnerability_id":"VCID-hcud-kg7b-zyhx","summary":"Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23593","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54406","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54384","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54407","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54417","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54408","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23593"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23593","reference_id":"CVE-2022-23593","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23593"},{"reference_url":"https://github.com/advisories/GHSA-gwcx-jrx4-92w2","reference_id":"GHSA-gwcx-jrx4-92w2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwcx-jrx4-92w2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26606?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124y-9kpj-p7aj"},{"vulnerability":"VCID-1b48-dfec-4ycn"},{"vulnerability":"VCID-1fjg-c139-1yf1"},{"vulnerability":"VCID-1g5s-7at3-ckfn"},{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-1m8h-cgum-nkd2"},{"vulnerability":"VCID-1xee-v43t-c7c4"},{"vulnerability":"VCID-23fs-9e1j-tbdu"},{"vulnerability":"VCID-2ycd-39t1-zfhs"},{"vulnerability":"VCID-34ue-dphj-8ka5"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-3dgz-dzdx-8kgz"},{"vulnerability":"VCID-3ev9-u7cm-tbct"},{"vulnerability":"VCID-3jab-qtww-47eq"},{"vulnerability":"VCID-3kva-8fv8-ukaa"},{"vulnerability":"VCID-3rtn-hnmg-dugs"},{"vulnerability":"VCID-3v2x-fcff-2kfn"},{"vulnerability":"VCID-42t9-hpd3-hufy"},{"vulnerability":"VCID-4632-rf32-xfgg"},{"vulnerability":"VCID-4gct-hv2n-8fes"},{"vulnerability":"VCID-542f-yjje-zfad"},{"vulnerability":"VCID-5qdx-9g76-3ugr"},{"vulnerability":"VCID-5r5f-1mgp-x3hh"},{"vulnerability":"VCID-63yf-6n3f-uugw"},{"vulnerability":"VCID-6aey-qzrr-9qdk"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6fzx-5d86-fqcg"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-71dj-4wgv-dkfa"},{"vulnerability":"VCID-7qsc-g2q6-yyev"},{"vulnerability":"VCID-8h8c-hzce-sqby"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-9tbn-pjhn-5bdk"},{"vulnerability":"VCID-a2bj-bk9e-7fdw"},{"vulnerability":"VCID-a5ey-dfsw-vfaz"},{"vulnerability":"VCID-ac5u-fzwq-k3bk"},{"vulnerability":"VCID-adbe-gm2b-g7h4"},{"vulnerability":"VCID-an2q-1spn-gfgz"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-b51p-mfd9-fqge"},{"vulnerability":"VCID-b6g8-7vy6-gqh7"},{"vulnerability":"VCID-bckg-ymqp-eyg6"},{"vulnerability":"VCID-bhtq-drn4-pqfw"},{"vulnerability":"VCID-bjcs-f4yp-skc3"},{"vulnerability":"VCID-bmq7-ywhj-w3ap"},{"vulnerability":"VCID-budt-6suv-87fk"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-c7xx-8n31-dkd8"},{"vulnerability":"VCID-cnnv-k1mq-bycd"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-d1xg-zvu2-pfcf"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-dvpe-15m7-puh4"},{"vulnerability":"VCID-e8a2-ny5z-73au"},{"vulnerability":"VCID-efrr-vytn-nbfk"},{"vulnerability":"VCID-ekmw-8ekq-1bfq"},{"vulnerability":"VCID-eqjg-vnm4-pbgx"},{"vulnerability":"VCID-eqp9-vbjw-uye1"},{"vulnerability":"VCID-eseh-ekjx-yffk"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-f85h-49x9-7qdw"},{"vulnerability":"VCID-g5du-95mm-uqdv"},{"vulnerability":"VCID-ghqz-dfeq-rygz"},{"vulnerability":"VCID-gt24-f126-akej"},{"vulnerability":"VCID-gv1k-p9qb-qug3"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-h9va-2q1u-nfeq"},{"vulnerability":"VCID-hk5u-5r79-67ee"},{"vulnerability":"VCID-hm4p-s6xd-8uf5"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-juat-vtcr-xbg3"},{"vulnerability":"VCID-k2ms-13kz-4bgg"},{"vulnerability":"VCID-k3am-7v2s-xqb9"},{"vulnerability":"VCID-kafn-vb69-tub3"},{"vulnerability":"VCID-kb5d-pyxb-4fe9"},{"vulnerability":"VCID-kkbz-sb6d-nkb9"},{"vulnerability":"VCID-kzhb-zzzm-ebe1"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-mpr8-1wz2-kfgv"},{"vulnerability":"VCID-mtkv-vxpu-m3fu"},{"vulnerability":"VCID-njmm-n794-tqcr"},{"vulnerability":"VCID-nkyd-wte8-zbc8"},{"vulnerability":"VCID-nn1z-3z62-5fby"},{"vulnerability":"VCID-nttr-e3uq-tbew"},{"vulnerability":"VCID-ppev-q19c-jfcd"},{"vulnerability":"VCID-pw2j-ex1f-wkgd"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-q8m1-bjce-67bd"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-qhtm-u49u-zyeg"},{"vulnerability":"VCID-qp8b-wyj4-h7e4"},{"vulnerability":"VCID-r11x-hcqs-cfgb"},{"vulnerability":"VCID-r14r-z3cv-1qa6"},{"vulnerability":"VCID-r3y2-x3nx-67ac"},{"vulnerability":"VCID-raep-npkq-b3fx"},{"vulnerability":"VCID-rdtn-n88f-pqas"},{"vulnerability":"VCID-rh99-4vre-gfde"},{"vulnerability":"VCID-rth4-8c4m-f3gd"},{"vulnerability":"VCID-scvf-p5ff-c3df"},{"vulnerability":"VCID-sevq-49gc-k3eh"},{"vulnerability":"VCID-shq8-1n4y-vkc5"},{"vulnerability":"VCID-t2dj-e6dk-m7f2"},{"vulnerability":"VCID-tuqw-n8ka-jfht"},{"vulnerability":"VCID-udmn-j2p9-xuez"},{"vulnerability":"VCID-uhxa-me3d-sbhj"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-urkj-g83d-xkh8"},{"vulnerability":"VCID-uucj-un2y-h7h8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-vpg8-m282-bbfb"},{"vulnerability":"VCID-vtgx-x9t1-eyb1"},{"vulnerability":"VCID-vxm3-72uk-zbb8"},{"vulnerability":"VCID-w316-z2dk-sbdy"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-wdks-wa1n-ckhx"},{"vulnerability":"VCID-wvbd-6s6n-fqdz"},{"vulnerability":"VCID-x2hf-a9qm-t3du"},{"vulnerability":"VCID-x7s3-qyrt-mbat"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-xuzj-9346-tuf3"},{"vulnerability":"VCID-ybth-xfxp-c7fu"},{"vulnerability":"VCID-yrtd-47vc-muff"},{"vulnerability":"VCID-yy9b-ymk2-5kea"},{"vulnerability":"VCID-zc2s-1rty-hyd9"},{"vulnerability":"VCID-zfqe-wftj-nke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0"}],"aliases":["BIT-tensorflow-2022-23593","CVE-2022-23593","GHSA-gwcx-jrx4-92w2","PYSEC-2022-102","PYSEC-2022-157"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcud-kg7b-zyhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102272?format=json","vulnerability_id":"VCID-hm4p-s6xd-8uf5","summary":"TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41908","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49113","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49096","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49084","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54738","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54806","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41908"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:38Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41908","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41908"},{"reference_url":"https://github.com/advisories/GHSA-mv77-9g28-cwg3","reference_id":"GHSA-mv77-9g28-cwg3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mv77-9g28-cwg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41908","GHSA-mv77-9g28-cwg3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4p-s6xd-8uf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44750?format=json","vulnerability_id":"VCID-j7jy-3r33-x7fy","summary":"NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25674","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60404","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60441","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60443","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60454","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60451","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25674"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25674","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25674"},{"reference_url":"https://github.com/advisories/GHSA-gf97-q72m-7579","reference_id":"GHSA-gf97-q72m-7579","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf97-q72m-7579"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579","reference_id":"GHSA-gf97-q72m-7579","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25674","GHSA-gf97-q72m-7579"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110102?format=json","vulnerability_id":"VCID-kzhb-zzzm-ebe1","summary":"`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode\n### Impact\nAnother instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf9932fc907aff0e9e8cccf769e8b00d30fd81a1](https://github.com/tensorflow/tensorflow/commit/bf9932fc907aff0e9e8cccf769e8b00d30fd81a1).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul","references":[{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m"},{"reference_url":"https://github.com/advisories/GHSA-xf83-q765-xm6m","reference_id":"GHSA-xf83-q765-xm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xf83-q765-xm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["GHSA-xf83-q765-xm6m","GMS-2022-7001","GMS-2022-7009","GMS-2022-7017"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzhb-zzzm-ebe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44749?format=json","vulnerability_id":"VCID-mj52-z2qy-4bd8","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25672","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28126","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28063","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28107","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28147","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28197","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25672","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25672"},{"reference_url":"https://github.com/advisories/GHSA-94mm-g2mv-8p7r","reference_id":"GHSA-94mm-g2mv-8p7r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-94mm-g2mv-8p7r"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r","reference_id":"GHSA-94mm-g2mv-8p7r","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25672","GHSA-94mm-g2mv-8p7r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102273?format=json","vulnerability_id":"VCID-nn1z-3z62-5fby","summary":"TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41909","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60703","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60688","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65613","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65677","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41909"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:35Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41909","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41909"},{"reference_url":"https://github.com/advisories/GHSA-rjx6-v474-2ch9","reference_id":"GHSA-rjx6-v474-2ch9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjx6-v474-2ch9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41909","GHSA-rjx6-v474-2ch9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nn1z-3z62-5fby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44748?format=json","vulnerability_id":"VCID-q2hk-yjnj-jbfb","summary":"NULL Pointer Dereference\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25676","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47259","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25676"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25676","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25676"},{"reference_url":"https://github.com/advisories/GHSA-6wfh-89q8-44jq","reference_id":"GHSA-6wfh-89q8-44jq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wfh-89q8-44jq"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq","reference_id":"GHSA-6wfh-89q8-44jq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25676","GHSA-6wfh-89q8-44jq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44737?format=json","vulnerability_id":"VCID-qh3y-aeak-u3hg","summary":"Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25659","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.4248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42511","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42537","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42564","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42554","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25659"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25659","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25659"},{"reference_url":"https://github.com/advisories/GHSA-93vr-9q9m-pj8p","reference_id":"GHSA-93vr-9q9m-pj8p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93vr-9q9m-pj8p"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p","reference_id":"GHSA-93vr-9q9m-pj8p","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25659","GHSA-93vr-9q9m-pj8p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102275?format=json","vulnerability_id":"VCID-rdtn-n88f-pqas","summary":"TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41911","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36466","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36521","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36529","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36492","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36456","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41911"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41911","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41911"},{"reference_url":"https://github.com/advisories/GHSA-pf36-r9c6-h97j","reference_id":"GHSA-pf36-r9c6-h97j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf36-r9c6-h97j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41911","GHSA-pf36-r9c6-h97j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtn-n88f-pqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102256?format=json","vulnerability_id":"VCID-rh99-4vre-gfde","summary":"TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41888","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41399","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41379","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41368","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47464","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47528","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47531","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41888"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41888","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41888"},{"reference_url":"https://github.com/advisories/GHSA-6x99-gv2v-q76v","reference_id":"GHSA-6x99-gv2v-q76v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6x99-gv2v-q76v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41888","GHSA-6x99-gv2v-q76v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh99-4vre-gfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102268?format=json","vulnerability_id":"VCID-scvf-p5ff-c3df","summary":"TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41900","reference_id":"","reference_type":"","scores":[{"value":"0.01207","scoring_system":"epss","scoring_elements":"0.79315","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01207","scoring_system":"epss","scoring_elements":"0.79324","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01207","scoring_system":"epss","scoring_elements":"0.79305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01243","scoring_system":"epss","scoring_elements":"0.79613","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01243","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01243","scoring_system":"epss","scoring_elements":"0.79644","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41900"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41900","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41900"},{"reference_url":"https://github.com/advisories/GHSA-xvwp-h6jv-7472","reference_id":"GHSA-xvwp-h6jv-7472","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvwp-h6jv-7472"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41900","GHSA-xvwp-h6jv-7472"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scvf-p5ff-c3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102259?format=json","vulnerability_id":"VCID-tuqw-n8ka-jfht","summary":"TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41890","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3436","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34307","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34404","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34384","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34342","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41890"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:20Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41890","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41890"},{"reference_url":"https://github.com/advisories/GHSA-h246-cgh4-7475","reference_id":"GHSA-h246-cgh4-7475","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h246-cgh4-7475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41890","GHSA-h246-cgh4-7475"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuqw-n8ka-jfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44732?format=json","vulnerability_id":"VCID-upnq-6wx8-gug8","summary":"Incorrect Comparison\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25673","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51571","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51602","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51583","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51631","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25673"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25673","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25673"},{"reference_url":"https://github.com/advisories/GHSA-647v-r7qq-24fh","reference_id":"GHSA-647v-r7qq-24fh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-647v-r7qq-24fh"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh","reference_id":"GHSA-647v-r7qq-24fh","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25673","GHSA-647v-r7qq-24fh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44742?format=json","vulnerability_id":"VCID-v68f-q5vf-wkf5","summary":"Incorrect Comparison\nTensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25675","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42796","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4283","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42881","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4287","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25675"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25675","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25675"},{"reference_url":"https://github.com/advisories/GHSA-7x4v-9gxg-9hwj","reference_id":"GHSA-7x4v-9gxg-9hwj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7x4v-9gxg-9hwj"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj","reference_id":"GHSA-7x4v-9gxg-9hwj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25675","GHSA-7x4v-9gxg-9hwj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102263?format=json","vulnerability_id":"VCID-vxm3-72uk-zbb8","summary":"TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41895","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35313","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35257","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35236","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35277","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41895"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41895","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41895"},{"reference_url":"https://github.com/advisories/GHSA-gq2j-cr96-gvqx","reference_id":"GHSA-gq2j-cr96-gvqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gq2j-cr96-gvqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41895","GHSA-gq2j-cr96-gvqx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxm3-72uk-zbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44738?format=json","vulnerability_id":"VCID-w5vq-nwu5-pken","summary":"NULL Pointer Dereference\nTensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25670","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47226","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47259","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47293","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25670"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25670","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25670"},{"reference_url":"https://github.com/advisories/GHSA-49rq-hwc3-x77w","reference_id":"GHSA-49rq-hwc3-x77w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49rq-hwc3-x77w"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w","reference_id":"GHSA-49rq-hwc3-x77w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25670","GHSA-49rq-hwc3-x77w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102249?format=json","vulnerability_id":"VCID-wdks-wa1n-ckhx","summary":"TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41880","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36583","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36685","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36677","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39261","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39276","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39249","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41880"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:45Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41880","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41880"},{"reference_url":"https://github.com/advisories/GHSA-8w5g-3wcv-9g2j","reference_id":"GHSA-8w5g-3wcv-9g2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w5g-3wcv-9g2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41880","GHSA-8w5g-3wcv-9g2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdks-wa1n-ckhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44735?format=json","vulnerability_id":"VCID-xej2-7wvk-xuec","summary":"Out-of-bounds Read\nTensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25658","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16963","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16938","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1692","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17002","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17037","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17042","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25658","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25658"},{"reference_url":"https://github.com/advisories/GHSA-68v3-g9cm-rmm6","reference_id":"GHSA-68v3-g9cm-rmm6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68v3-g9cm-rmm6"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6","reference_id":"GHSA-68v3-g9cm-rmm6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64390?format=json","purl":"pkg:pypi/tensorflow-gpu@2.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/643972?format=json","purl":"pkg:pypi/tensorflow-gpu@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37j3-cnw5-4fch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.12.0"}],"aliases":["CVE-2023-25658","GHSA-68v3-g9cm-rmm6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102255?format=json","vulnerability_id":"VCID-yrtd-47vc-muff","summary":"TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41887","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3399","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34107","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34091","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36485","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36511","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36474","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41887"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:29Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41887","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41887"},{"reference_url":"https://github.com/advisories/GHSA-8fvv-46hw-vpg3","reference_id":"GHSA-8fvv-46hw-vpg3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fvv-46hw-vpg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41887","GHSA-8fvv-46hw-vpg3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrtd-47vc-muff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102266?format=json","vulnerability_id":"VCID-yy9b-ymk2-5kea","summary":"TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41898","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35604","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41898"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:56Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41898","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41898"},{"reference_url":"https://github.com/advisories/GHSA-hq7g-wwwp-q46h","reference_id":"GHSA-hq7g-wwwp-q46h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq7g-wwwp-q46h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41898","GHSA-hq7g-wwwp-q46h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9b-ymk2-5kea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102264?format=json","vulnerability_id":"VCID-zc2s-1rty-hyd9","summary":"TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41896","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35604","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35588","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41896"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860"},{"reference_url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:42:05Z/"}],"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41896","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41896"},{"reference_url":"https://github.com/advisories/GHSA-rmg2-f698-wq35","reference_id":"GHSA-rmg2-f698-wq35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmg2-f698-wq35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148483?format=json","purl":"pkg:pypi/tensorflow-gpu@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"},{"vulnerability":"VCID-yrtd-47vc-muff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148485?format=json","purl":"pkg:pypi/tensorflow-gpu@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/148487?format=json","purl":"pkg:pypi/tensorflow-gpu@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jte-hpg7-gydx"},{"vulnerability":"VCID-36ey-jnev-qqf8"},{"vulnerability":"VCID-37j3-cnw5-4fch"},{"vulnerability":"VCID-6f4y-m6ca-nyf6"},{"vulnerability":"VCID-6yy3-r6mh-j3e8"},{"vulnerability":"VCID-8nt4-mp8z-b3et"},{"vulnerability":"VCID-b31k-j7yk-muhz"},{"vulnerability":"VCID-c1qd-61t7-2fe3"},{"vulnerability":"VCID-cvdm-ubbq-63ew"},{"vulnerability":"VCID-dftm-vs4w-kfag"},{"vulnerability":"VCID-ev9c-cxzc-p7hb"},{"vulnerability":"VCID-h18h-987d-q7he"},{"vulnerability":"VCID-j7jy-3r33-x7fy"},{"vulnerability":"VCID-mj52-z2qy-4bd8"},{"vulnerability":"VCID-q2hk-yjnj-jbfb"},{"vulnerability":"VCID-qh3y-aeak-u3hg"},{"vulnerability":"VCID-upnq-6wx8-gug8"},{"vulnerability":"VCID-v68f-q5vf-wkf5"},{"vulnerability":"VCID-w5vq-nwu5-pken"},{"vulnerability":"VCID-xej2-7wvk-xuec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.10.1"}],"aliases":["CVE-2022-41896","GHSA-rmg2-f698-wq35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2s-1rty-hyd9"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-gpu@2.8.0rc0"}