Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-naue-2f2t-mkeg
Vulnerability ID VCID-naue-2f2t-mkeg
Aliases BIT-tensorflow-2021-37682
CVE-2021-37682
GHSA-4c4g-crqm-xrxw
PYSEC-2021-304
PYSEC-2021-595
PYSEC-2021-793
Summary multiple issues
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-908 Use of Uninitialized Resource
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-37682
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2021-37682
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4c4g-crqm-xrxw
cvssv3.1 4.4 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-595.yaml
cvssv4 4.8 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-595.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-595.yaml
cvssv3.1 4.4 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-793.yaml
cvssv4 4.8 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-793.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-793.yaml
cvssv3.1 4.4 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-304.yaml
cvssv4 4.8 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-304.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-304.yaml
cvssv3.1 4.4 https://github.com/tensorflow/tensorflow
cvssv4 4.8 https://github.com/tensorflow/tensorflow
generic_textual MODERATE https://github.com/tensorflow/tensorflow
cvssv3.1 4.4 https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200
cvssv4 4.8 https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200
generic_textual MODERATE https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200
cvssv3.1 4.4 https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
cvssv4 4.8 https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
generic_textual MODERATE https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
cvssv3.1 4.4 https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
cvssv4 4.8 https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
generic_textual MODERATE https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
cvssv3.1 4.4 https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
cvssv4 4.8 https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
generic_textual MODERATE https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
cvssv3.1 4.4 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
cvssv3.1_qr MODERATE https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
cvssv4 4.8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
generic_textual MODERATE https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
cvssv3.1 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-37682
cvssv4 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37682
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-37682
archlinux Critical https://security.archlinux.org/AVG-2292
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-37682
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-595.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-793.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-304.yaml
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200
https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
https://nvd.nist.gov/vuln/detail/CVE-2021-37682
AVG-2292 https://security.archlinux.org/AVG-2292
GHSA-4c4g-crqm-xrxw https://github.com/advisories/GHSA-4c4g-crqm-xrxw
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-595.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-595.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-793.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-793.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-304.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-304.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-37682
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-37682
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11956
EPSS Score 0.00039
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T19:56:05.290783+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2292 38.6.0