Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-uecn-7vbt-kfdh
Vulnerability ID VCID-uecn-7vbt-kfdh
Aliases BIT-tensorflow-2021-37678
CVE-2021-37678
GHSA-r6jx-9g48-2r5r
PYSEC-2021-300
PYSEC-2021-591
PYSEC-2021-789
Summary multiple issues
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-502 Deserialization of Untrusted Data
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.01023 https://api.first.org/data/v1/epss?cve=CVE-2021-37678
epss 0.01023 https://api.first.org/data/v1/epss?cve=CVE-2021-37678
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-r6jx-9g48-2r5r
cvssv3.1 9.3 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
cvssv4 8.5 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
cvssv3.1 9.3 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
cvssv4 8.5 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
cvssv3.1 9.3 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
cvssv4 8.5 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
cvssv3.1 9.3 https://github.com/tensorflow/tensorflow
cvssv4 8.5 https://github.com/tensorflow/tensorflow
generic_textual HIGH https://github.com/tensorflow/tensorflow
cvssv3.1 9.3 https://github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
cvssv4 8.5 https://github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
generic_textual HIGH https://github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
cvssv3.1 9.3 https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
cvssv4 8.5 https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
generic_textual HIGH https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
cvssv3.1 9.3 https://github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
cvssv4 8.5 https://github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
generic_textual HIGH https://github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
cvssv3.1 9.3 https://github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
cvssv4 8.5 https://github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
generic_textual HIGH https://github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
cvssv3.1 9.3 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
cvssv3.1_qr HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
cvssv4 8.5 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
generic_textual HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
cvssv3.1 9.3 https://nvd.nist.gov/vuln/detail/CVE-2021-37678
cvssv4 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37678
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-37678
archlinux Critical https://security.archlinux.org/AVG-2292
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-37678
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
https://github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
https://github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
https://nvd.nist.gov/vuln/detail/CVE-2021-37678
AVG-2292 https://security.archlinux.org/AVG-2292
GHSA-r6jx-9g48-2r5r https://github.com/advisories/GHSA-r6jx-9g48-2r5r
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-37678
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-37678
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77676
EPSS Score 0.01023
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T19:56:05.383683+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2292 38.6.0