Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/tensorflow-cpu@2.8.0rc0
purl pkg:pypi/tensorflow-cpu@2.8.0rc0
Next non-vulnerable version 2.12.1
Latest non-vulnerable version 2.12.1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-d3k4-z4f1-hfhy
Aliases:
BIT-tensorflow-2022-23592
CVE-2022-23592
GHSA-vq36-27g6-p492
PYSEC-2022-101
PYSEC-2022-156
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
2.8.0
Affected by 128 other vulnerabilities.
VCID-hcud-kg7b-zyhx
Aliases:
BIT-tensorflow-2022-23593
CVE-2022-23593
GHSA-gwcx-jrx4-92w2
PYSEC-2022-102
PYSEC-2022-157
Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
2.8.0
Affected by 128 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:18:41.927069+00:00 GHSA Importer Affected by VCID-hcud-kg7b-zyhx https://github.com/advisories/GHSA-gwcx-jrx4-92w2 38.6.0
2026-06-05T21:18:41.522731+00:00 GHSA Importer Affected by VCID-d3k4-z4f1-hfhy https://github.com/advisories/GHSA-vq36-27g6-p492 38.6.0
2026-06-05T17:01:51.710550+00:00 PyPI Importer Affected by VCID-hcud-kg7b-zyhx https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-05T17:01:43.637214+00:00 PyPI Importer Affected by VCID-d3k4-z4f1-hfhy https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-04T17:50:44.216067+00:00 GithubOSV Importer Affected by VCID-hcud-kg7b-zyhx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-gwcx-jrx4-92w2/GHSA-gwcx-jrx4-92w2.json 38.6.0
2026-06-04T17:50:04.428928+00:00 GithubOSV Importer Affected by VCID-d3k4-z4f1-hfhy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-vq36-27g6-p492/GHSA-vq36-27g6-p492.json 38.6.0
2026-06-02T04:41:23.928847+00:00 GitLab Importer Affected by VCID-hcud-kg7b-zyhx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow-cpu/CVE-2022-23593.yml 38.6.0
2026-06-02T04:41:21.892802+00:00 GitLab Importer Affected by VCID-d3k4-z4f1-hfhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow-cpu/CVE-2022-23592.yml 38.6.0
2026-06-02T04:16:44.109863+00:00 Pypa Importer Affected by VCID-hcud-kg7b-zyhx https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml 38.6.0
2026-06-02T04:16:40.256660+00:00 Pypa Importer Affected by VCID-d3k4-z4f1-hfhy https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2022-101.yaml 38.6.0