Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/tensorflow@2.10.0rc2
Typepypi
Namespace
Nametensorflow
Version2.10.0rc2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.12.1
Latest_non_vulnerable_version2.12.1
Affected_by_vulnerabilities
0
url VCID-1jte-hpg7-gydx
vulnerability_id VCID-1jte-hpg7-gydx
summary 
Incorrect Comparison
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25669
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42796
published_at 2026-06-04T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.4282
published_at 2026-06-08T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.42857
published_at 2026-06-07T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42881
published_at 2026-06-06T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.4287
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25669
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/
url https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25669
5
reference_url https://github.com/advisories/GHSA-rcf8-g8jv-vg6p
reference_id GHSA-rcf8-g8jv-vg6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcf8-g8jv-vg6p
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p
reference_id GHSA-rcf8-g8jv-vg6p
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:33:22Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25669, GHSA-rcf8-g8jv-vg6p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jte-hpg7-gydx
1
url VCID-34ue-dphj-8ka5
vulnerability_id VCID-34ue-dphj-8ka5
summary TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35963
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20176
published_at 2026-06-07T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20216
published_at 2026-06-06T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20223
published_at 2026-06-05T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.2011
published_at 2026-06-08T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.20147
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35963
1
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
2
reference_url https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/
url https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad
3
reference_url https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
4
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:53Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35963
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35963
6
reference_url https://github.com/advisories/GHSA-84jm-4cf3-9jfm
reference_id GHSA-84jm-4cf3-9jfm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-84jm-4cf3-9jfm
fixed_packages
aliases CVE-2022-35963, GHSA-84jm-4cf3-9jfm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-34ue-dphj-8ka5
2
url VCID-36ey-jnev-qqf8
vulnerability_id VCID-36ey-jnev-qqf8
summary 
Incorrect Comparison
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25666
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17098
published_at 2026-06-04T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17056
published_at 2026-06-08T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.17135
published_at 2026-06-07T12:55:00Z
3
value 0.00054
scoring_system epss
scoring_elements 0.1717
published_at 2026-06-06T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.17174
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25666
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/
url https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25666
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25666
5
reference_url https://github.com/advisories/GHSA-f637-vh3r-vfh2
reference_id GHSA-f637-vh3r-vfh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f637-vh3r-vfh2
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2
reference_id GHSA-f637-vh3r-vfh2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:40:27Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25666, GHSA-f637-vh3r-vfh2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36ey-jnev-qqf8
3
url VCID-37j3-cnw5-4fch
vulnerability_id VCID-37j3-cnw5-4fch
summary 
TensorFlow has segfault in array_ops.upper_bound
`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33976
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11156
published_at 2026-06-08T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11236
published_at 2026-06-07T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.1127
published_at 2026-06-06T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11278
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33976
1
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
2
reference_url https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/
url https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec
3
reference_url https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/
url https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33976
reference_id CVE-2023-33976
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33976
5
reference_url https://github.com/advisories/GHSA-gjh7-xx4r-x345
reference_id GHSA-gjh7-xx4r-x345
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjh7-xx4r-x345
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345
reference_id GHSA-gjh7-xx4r-x345
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:13:44Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345
fixed_packages
0
url pkg:pypi/tensorflow@2.12.1
purl pkg:pypi/tensorflow@2.12.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.1
aliases CVE-2023-33976, GHSA-gjh7-xx4r-x345
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37j3-cnw5-4fch
4
url VCID-3jab-qtww-47eq
vulnerability_id VCID-3jab-qtww-47eq
summary TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35960
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43285
published_at 2026-06-07T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43309
published_at 2026-06-06T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.43299
published_at 2026-06-05T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.4325
published_at 2026-06-08T12:55:00Z
4
value 0.00208
scoring_system epss
scoring_elements 0.43227
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35960
1
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
2
reference_url https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/
url https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325
3
reference_url https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/
url https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7
4
reference_url https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
5
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:55Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35960
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35960
7
reference_url https://github.com/advisories/GHSA-v5xg-3q2c-c2r4
reference_id GHSA-v5xg-3q2c-c2r4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v5xg-3q2c-c2r4
fixed_packages
aliases CVE-2022-35960, GHSA-v5xg-3q2c-c2r4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jab-qtww-47eq
5
url VCID-63yf-6n3f-uugw
vulnerability_id VCID-63yf-6n3f-uugw
summary TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35959
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20176
published_at 2026-06-07T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20216
published_at 2026-06-06T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20223
published_at 2026-06-05T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.2011
published_at 2026-06-08T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.20147
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35959
1
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
2
reference_url https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/
url https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb
3
reference_url https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
4
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:59:58Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35959
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35959
6
reference_url https://github.com/advisories/GHSA-wxjj-cgcx-r3vq
reference_id GHSA-wxjj-cgcx-r3vq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxjj-cgcx-r3vq
fixed_packages
aliases CVE-2022-35959, GHSA-wxjj-cgcx-r3vq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63yf-6n3f-uugw
6
url VCID-6f4y-m6ca-nyf6
vulnerability_id VCID-6f4y-m6ca-nyf6
summary 
NULL Pointer Dereference
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25663
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42948
published_at 2026-06-04T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.42974
published_at 2026-06-08T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.4301
published_at 2026-06-07T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.4303
published_at 2026-06-06T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.43022
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25663
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/
url https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25663
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25663
5
reference_url https://github.com/advisories/GHSA-64jg-wjww-7c5w
reference_id GHSA-64jg-wjww-7c5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64jg-wjww-7c5w
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w
reference_id GHSA-64jg-wjww-7c5w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:12Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25663, GHSA-64jg-wjww-7c5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-m6ca-nyf6
7
url VCID-6yy3-r6mh-j3e8
vulnerability_id VCID-6yy3-r6mh-j3e8
summary 
NULL Pointer Dereference
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25665
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31244
published_at 2026-06-04T12:55:00Z
1
value 0.00125
scoring_system epss
scoring_elements 0.31211
published_at 2026-06-08T12:55:00Z
2
value 0.00125
scoring_system epss
scoring_elements 0.31243
published_at 2026-06-07T12:55:00Z
3
value 0.00125
scoring_system epss
scoring_elements 0.31278
published_at 2026-06-06T12:55:00Z
4
value 0.00125
scoring_system epss
scoring_elements 0.31312
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25665
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/
url https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25665
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25665
5
reference_url https://github.com/advisories/GHSA-558h-mq8x-7q9g
reference_id GHSA-558h-mq8x-7q9g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-558h-mq8x-7q9g
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g
reference_id GHSA-558h-mq8x-7q9g
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:58Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25665, GHSA-558h-mq8x-7q9g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yy3-r6mh-j3e8
8
url VCID-8nt4-mp8z-b3et
vulnerability_id VCID-8nt4-mp8z-b3et
summary 
Double Free
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25801
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25139
published_at 2026-06-04T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25112
published_at 2026-06-08T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.2517
published_at 2026-06-07T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.2522
published_at 2026-06-06T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25235
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25801
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/
url https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25801
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25801
5
reference_url https://github.com/advisories/GHSA-f49c-87jh-g47q
reference_id GHSA-f49c-87jh-g47q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f49c-87jh-g47q
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q
reference_id GHSA-f49c-87jh-g47q
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:44:21Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25801, GHSA-f49c-87jh-g47q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nt4-mp8z-b3et
9
url VCID-b31k-j7yk-muhz
vulnerability_id VCID-b31k-j7yk-muhz
summary 
Heap-based Buffer Overflow
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25668
reference_id
reference_type
scores
0
value 0.01465
scoring_system epss
scoring_elements 0.81228
published_at 2026-06-04T12:55:00Z
1
value 0.01465
scoring_system epss
scoring_elements 0.81251
published_at 2026-06-08T12:55:00Z
2
value 0.01465
scoring_system epss
scoring_elements 0.81255
published_at 2026-06-07T12:55:00Z
3
value 0.01465
scoring_system epss
scoring_elements 0.81258
published_at 2026-06-06T12:55:00Z
4
value 0.01465
scoring_system epss
scoring_elements 0.81256
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25668
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/
url https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25668
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25668
5
reference_url https://github.com/advisories/GHSA-gw97-ff7c-9v96
reference_id GHSA-gw97-ff7c-9v96
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gw97-ff7c-9v96
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96
reference_id GHSA-gw97-ff7c-9v96
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-19T20:32:32Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25668, GHSA-gw97-ff7c-9v96
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b31k-j7yk-muhz
10
url VCID-c1qd-61t7-2fe3
vulnerability_id VCID-c1qd-61t7-2fe3
summary 
Integer Overflow or Wraparound
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25667
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43581
published_at 2026-06-04T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43605
published_at 2026-06-08T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43639
published_at 2026-06-07T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43663
published_at 2026-06-06T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43652
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25667
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/
url https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25667
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25667
5
reference_url https://github.com/advisories/GHSA-fqm2-gh8w-gr68
reference_id GHSA-fqm2-gh8w-gr68
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqm2-gh8w-gr68
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68
reference_id GHSA-fqm2-gh8w-gr68
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:39:37Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25667, GHSA-fqm2-gh8w-gr68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1qd-61t7-2fe3
11
url VCID-cvdm-ubbq-63ew
vulnerability_id VCID-cvdm-ubbq-63ew
summary 
NULL Pointer Dereference
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25660
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47226
published_at 2026-06-04T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47245
published_at 2026-06-08T12:55:00Z
2
value 0.0024
scoring_system epss
scoring_elements 0.47275
published_at 2026-06-07T12:55:00Z
3
value 0.0024
scoring_system epss
scoring_elements 0.47293
published_at 2026-06-06T12:55:00Z
4
value 0.0024
scoring_system epss
scoring_elements 0.47291
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25660
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/
url https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25660
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25660
5
reference_url https://github.com/advisories/GHSA-qjqc-vqcf-5qvj
reference_id GHSA-qjqc-vqcf-5qvj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjqc-vqcf-5qvj
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj
reference_id GHSA-qjqc-vqcf-5qvj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:30:06Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25660, GHSA-qjqc-vqcf-5qvj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvdm-ubbq-63ew
12
url VCID-dftm-vs4w-kfag
vulnerability_id VCID-dftm-vs4w-kfag
summary 
Heap-based Buffer Overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25664
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25581
published_at 2026-06-04T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.25568
published_at 2026-06-08T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25626
published_at 2026-06-07T12:55:00Z
3
value 0.0009
scoring_system epss
scoring_elements 0.25674
published_at 2026-06-06T12:55:00Z
4
value 0.0009
scoring_system epss
scoring_elements 0.25683
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25664
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/
url https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25664
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25664
5
reference_url https://github.com/advisories/GHSA-6hg6-5c2q-7rcr
reference_id GHSA-6hg6-5c2q-7rcr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6hg6-5c2q-7rcr
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr
reference_id GHSA-6hg6-5c2q-7rcr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:38:56Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25664, GHSA-6hg6-5c2q-7rcr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dftm-vs4w-kfag
13
url VCID-ev9c-cxzc-p7hb
vulnerability_id VCID-ev9c-cxzc-p7hb
summary 
Integer Overflow or Wraparound
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25662
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35456
published_at 2026-06-04T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35485
published_at 2026-06-08T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35524
published_at 2026-06-07T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35562
published_at 2026-06-06T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35551
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25662
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/
url https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25662
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25662
5
reference_url https://github.com/advisories/GHSA-7jvm-xxmr-v5cw
reference_id GHSA-7jvm-xxmr-v5cw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7jvm-xxmr-v5cw
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw
reference_id GHSA-7jvm-xxmr-v5cw
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:37:26Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25662, GHSA-7jvm-xxmr-v5cw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-cxzc-p7hb
14
url VCID-h18h-987d-q7he
vulnerability_id VCID-h18h-987d-q7he
summary 
Incorrect Comparison
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27579
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.4287
published_at 2026-06-05T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.4282
published_at 2026-06-08T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.42857
published_at 2026-06-07T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42881
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27579
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/
url https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27579
5
reference_url https://github.com/advisories/GHSA-5w96-866f-6rm8
reference_id GHSA-5w96-866f-6rm8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w96-866f-6rm8
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
reference_id GHSA-5w96-866f-6rm8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-27579, GHSA-5w96-866f-6rm8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h18h-987d-q7he
15
url VCID-j7jy-3r33-x7fy
vulnerability_id VCID-j7jy-3r33-x7fy
summary 
NULL Pointer Dereference
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25674
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60404
published_at 2026-06-04T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60426
published_at 2026-06-08T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60443
published_at 2026-06-07T12:55:00Z
3
value 0.00391
scoring_system epss
scoring_elements 0.60454
published_at 2026-06-06T12:55:00Z
4
value 0.00391
scoring_system epss
scoring_elements 0.60451
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25674
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/
url https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25674
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25674
5
reference_url https://github.com/advisories/GHSA-gf97-q72m-7579
reference_id GHSA-gf97-q72m-7579
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gf97-q72m-7579
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579
reference_id GHSA-gf97-q72m-7579
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:16:05Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25674, GHSA-gf97-q72m-7579
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jy-3r33-x7fy
16
url VCID-jswv-zqu6-efee
vulnerability_id VCID-jswv-zqu6-efee
summary 
TensorFlow Denial of Service vulnerability
### Impact
A malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack.
To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed in real-world systems. However, if we call the model with a malicious input which has a zero dimension, it gives Check Failed failure and crashes.
```python
import tensorflow as tf

class MyModel(tf.keras.Model):
 def __init__(self):
  super().__init__()
  self.conv = tf.keras.layers.Convolution3DTranspose(2, [3,3,3], padding="same")
  
 def call(self, input):
  return self.conv(input)
model = MyModel() # Defines a valid model.

x = tf.random.uniform([1, 32, 32, 32, 3], minval=0, maxval=0, dtype=tf.float32) # This is a valid input.
output = model.predict(x)
print(output.shape) # (1, 32, 32, 32, 2)

x = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) # This is an invalid input.
output = model(x) # crash
```
This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services.

### Patches
We have patched the issue in
- GitHub commit [948fe6369a5711d4b4568ea9bbf6015c6dfb77e2](https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2)
 - GitHub commit [85db5d07db54b853484bfd358c3894d948c36baf](https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf). 

The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1


 ### For more information
Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25661
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.37103
published_at 2026-06-05T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.3704
published_at 2026-06-08T12:55:00Z
2
value 0.00163
scoring_system epss
scoring_elements 0.37079
published_at 2026-06-07T12:55:00Z
3
value 0.00163
scoring_system epss
scoring_elements 0.37111
published_at 2026-06-06T12:55:00Z
4
value 0.00163
scoring_system epss
scoring_elements 0.37012
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25661
1
reference_url https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/
url https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25661
reference_id CVE-2023-25661
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25661
5
reference_url https://github.com/advisories/GHSA-fxgc-95xx-grvq
reference_id GHSA-fxgc-95xx-grvq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxgc-95xx-grvq
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq
reference_id GHSA-fxgc-95xx-grvq
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:25:34Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25661, GHSA-fxgc-95xx-grvq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jswv-zqu6-efee
17
url VCID-mj52-z2qy-4bd8
vulnerability_id VCID-mj52-z2qy-4bd8
summary 
NULL Pointer Dereference
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25672
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28126
published_at 2026-06-04T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28063
published_at 2026-06-08T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28107
published_at 2026-06-07T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.28147
published_at 2026-06-06T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28197
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25672
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/
url https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25672
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25672
5
reference_url https://github.com/advisories/GHSA-94mm-g2mv-8p7r
reference_id GHSA-94mm-g2mv-8p7r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94mm-g2mv-8p7r
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
reference_id GHSA-94mm-g2mv-8p7r
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:14:12Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25672, GHSA-94mm-g2mv-8p7r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mj52-z2qy-4bd8
18
url VCID-mkr8-shuu-1qhk
vulnerability_id VCID-mkr8-shuu-1qhk
summary 
Out-of-bounds Write
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25671
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.55192
published_at 2026-06-08T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.55155
published_at 2026-06-04T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.55213
published_at 2026-06-05T12:55:00Z
3
value 0.00318
scoring_system epss
scoring_elements 0.5522
published_at 2026-06-06T12:55:00Z
4
value 0.00318
scoring_system epss
scoring_elements 0.55211
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25671
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/
url https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367
4
reference_url https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/
url https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25671
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25671
6
reference_url https://github.com/advisories/GHSA-j5w9-hmfh-4cr6
reference_id GHSA-j5w9-hmfh-4cr6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5w9-hmfh-4cr6
7
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6
reference_id GHSA-j5w9-hmfh-4cr6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:42:11Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25671, GHSA-j5w9-hmfh-4cr6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkr8-shuu-1qhk
19
url VCID-q2hk-yjnj-jbfb
vulnerability_id VCID-q2hk-yjnj-jbfb
summary 
NULL Pointer Dereference
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25676
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47226
published_at 2026-06-04T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47245
published_at 2026-06-08T12:55:00Z
2
value 0.0024
scoring_system epss
scoring_elements 0.47275
published_at 2026-06-07T12:55:00Z
3
value 0.0024
scoring_system epss
scoring_elements 0.47293
published_at 2026-06-06T12:55:00Z
4
value 0.0024
scoring_system epss
scoring_elements 0.47291
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25676
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/
url https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25676
5
reference_url https://github.com/advisories/GHSA-6wfh-89q8-44jq
reference_id GHSA-6wfh-89q8-44jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wfh-89q8-44jq
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq
reference_id GHSA-6wfh-89q8-44jq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:43:05Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25676, GHSA-6wfh-89q8-44jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2hk-yjnj-jbfb
20
url VCID-qh3y-aeak-u3hg
vulnerability_id VCID-qh3y-aeak-u3hg
summary 
Out-of-bounds Read
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25659
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.4248
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42502
published_at 2026-06-08T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42537
published_at 2026-06-07T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-06-06T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42554
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25659
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/
url https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25659
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25659
5
reference_url https://github.com/advisories/GHSA-93vr-9q9m-pj8p
reference_id GHSA-93vr-9q9m-pj8p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93vr-9q9m-pj8p
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p
reference_id GHSA-93vr-9q9m-pj8p
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:34:25Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25659, GHSA-93vr-9q9m-pj8p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qh3y-aeak-u3hg
21
url VCID-upnq-6wx8-gug8
vulnerability_id VCID-upnq-6wx8-gug8
summary 
Incorrect Comparison
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25673
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51571
published_at 2026-06-04T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51583
published_at 2026-06-08T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.51616
published_at 2026-06-07T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.51637
published_at 2026-06-06T12:55:00Z
4
value 0.0028
scoring_system epss
scoring_elements 0.51631
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25673
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/
url https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25673
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25673
5
reference_url https://github.com/advisories/GHSA-647v-r7qq-24fh
reference_id GHSA-647v-r7qq-24fh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-647v-r7qq-24fh
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh
reference_id GHSA-647v-r7qq-24fh
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:15:44Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25673, GHSA-647v-r7qq-24fh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upnq-6wx8-gug8
22
url VCID-v68f-q5vf-wkf5
vulnerability_id VCID-v68f-q5vf-wkf5
summary 
Incorrect Comparison
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25675
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42796
published_at 2026-06-04T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.4282
published_at 2026-06-08T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.42857
published_at 2026-06-07T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42881
published_at 2026-06-06T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.4287
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25675
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/
url https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25675
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25675
5
reference_url https://github.com/advisories/GHSA-7x4v-9gxg-9hwj
reference_id GHSA-7x4v-9gxg-9hwj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7x4v-9gxg-9hwj
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj
reference_id GHSA-7x4v-9gxg-9hwj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:23:26Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
1
url pkg:pypi/tensorflow@2.12.0
purl pkg:pypi/tensorflow@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37j3-cnw5-4fch
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.12.0
aliases CVE-2023-25675, GHSA-7x4v-9gxg-9hwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v68f-q5vf-wkf5
23
url VCID-w5vq-nwu5-pken
vulnerability_id VCID-w5vq-nwu5-pken
summary 
NULL Pointer Dereference
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25670
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47226
published_at 2026-06-04T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47245
published_at 2026-06-08T12:55:00Z
2
value 0.0024
scoring_system epss
scoring_elements 0.47275
published_at 2026-06-07T12:55:00Z
3
value 0.0024
scoring_system epss
scoring_elements 0.47293
published_at 2026-06-06T12:55:00Z
4
value 0.0024
scoring_system epss
scoring_elements 0.47291
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25670
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/
url https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25670
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25670
5
reference_url https://github.com/advisories/GHSA-49rq-hwc3-x77w
reference_id GHSA-49rq-hwc3-x77w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49rq-hwc3-x77w
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w
reference_id GHSA-49rq-hwc3-x77w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:41:15Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25670, GHSA-49rq-hwc3-x77w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5vq-nwu5-pken
24
url VCID-xej2-7wvk-xuec
vulnerability_id VCID-xej2-7wvk-xuec
summary 
Out-of-bounds Read
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out-of-bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25658
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16963
published_at 2026-06-04T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.1692
published_at 2026-06-08T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.17002
published_at 2026-06-07T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.17037
published_at 2026-06-06T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.17042
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25658
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/tensorflow/tensorflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tensorflow/tensorflow
3
reference_url https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/
url https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25658
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25658
5
reference_url https://github.com/advisories/GHSA-68v3-g9cm-rmm6
reference_id GHSA-68v3-g9cm-rmm6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68v3-g9cm-rmm6
6
reference_url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6
reference_id GHSA-68v3-g9cm-rmm6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:13:25Z/
url https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6
fixed_packages
0
url pkg:pypi/tensorflow@2.11.1
purl pkg:pypi/tensorflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ey-jnev-qqf8
1
vulnerability VCID-37j3-cnw5-4fch
2
vulnerability VCID-6yy3-r6mh-j3e8
3
vulnerability VCID-8nt4-mp8z-b3et
4
vulnerability VCID-b31k-j7yk-muhz
5
vulnerability VCID-dftm-vs4w-kfag
6
vulnerability VCID-q2hk-yjnj-jbfb
7
vulnerability VCID-v68f-q5vf-wkf5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.11.1
aliases CVE-2023-25658, GHSA-68v3-g9cm-rmm6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xej2-7wvk-xuec
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow@2.10.0rc2