Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yvag-32h1-yfc5
Vulnerability ID VCID-yvag-32h1-yfc5
Aliases BIT-tensorflow-2022-21740
CVE-2022-21740
GHSA-44qp-9wwf-734r
PYSEC-2022-119
PYSEC-2022-64
Summary Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2022-21740
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-44qp-9wwf-734r
cvssv3.1_qr HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-21740
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-119.yaml
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/count_ops.cc#L168-L273
https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a
https://github.com/tensorflow/tensorflow/commit/adbbabdb0d3abb3cdeac69e38a96de1d678b24b3
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r
CVE-2022-21740 https://nvd.nist.gov/vuln/detail/CVE-2022-21740
GHSA-44qp-9wwf-734r https://github.com/advisories/GHSA-44qp-9wwf-734r
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.54726
EPSS Score 0.00313
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:29:36.095112+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2022-64.yaml 38.6.0