Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

TensorFlow — Vulnerabilities & Security Advisories 403

Browse all 403 CVE security advisories affecting TensorFlow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TensorFlow is an open-source machine learning framework primarily used for developing and deploying data flow graphs across various platforms. With 403 recorded Common Vulnerabilities and Exposures (CVEs), it has historically been susceptible to a wide array of security flaws. These incidents frequently involve remote code execution, buffer overflows, and denial-of-service conditions, often stemming from improper input validation or memory management errors within its C++ backend. While cross-site scripting is less common due to its backend nature, privilege escalation risks exist when the framework runs with elevated system permissions. Notable security characteristics include its complex dependency tree, which can introduce indirect vulnerabilities through third-party libraries. Major incidents have largely focused on exploitation of parsing routines and model serialization processes, highlighting the critical need for rigorous patch management and secure configuration practices in production environments to mitigate these persistent risks.

Top products by TensorFlow: tensorflow keras
CVE IDTitleCVSSSeverityPublished
CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow — tensorflowCWE-617 6.5 Medium2022-02-04
CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow — tensorflowCWE-400 6.5 Medium2022-02-04
CVE-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow — tensorflowCWE-617 6.5 Medium2022-02-04
CVE-2022-23575 Integer overflow in Tensorflow — tensorflowCWE-190 6.5 Medium2022-02-04
CVE-2022-23576 Integer overflow in Tensorflow — tensorflowCWE-190 6.5 Medium2022-02-04
CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow — tensorflowCWE-617 6.5 Medium2022-02-04
CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow — tensorflowCWE-476 6.5 Medium2022-02-04
CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow — tensorflowCWE-617 6.5 Medium2022-02-04
CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow — tensorflowCWE-617 6.5 Medium2022-02-04
CVE-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow — tensorflowCWE-617 6.5 Medium2022-02-04
CVE-2022-23584 Use after free in `DecodePng` in Tensorflow — tensorflowCWE-416 7.6 High2022-02-04
CVE-2022-23587 Integer overflow in Tensorflow — tensorflowCWE-190 8.8 High2022-02-04
CVE-2022-23592 Out of bounds read in Tensorflow — tensorflowCWE-125 8.1 High2022-02-04
CVE-2022-23595 Null pointer dereference in TensorFlow — tensorflowCWE-476 5.3 Medium2022-02-04
CVE-2022-23594 Out of bounds read in Tensorflow — tensorflowCWE-125 8.8 High2022-02-04
CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow — tensorflowCWE-754 5.9 Medium2022-02-04
CVE-2022-23591 Stack overflow in Tensorflow — tensorflowCWE-400 7.5 High2022-02-04
CVE-2022-23593 Segfault in `simplifyBroadcast` in Tensorflow — tensorflowCWE-754 5.9 Medium2022-02-04
CVE-2021-41227 Arbitrary memory read in `ImmutableConst` — tensorflowCWE-125 6.6 Medium2021-11-05
CVE-2021-41225 A use of uninitialized value vulnerability in Tensorflow — tensorflowCWE-908 5.5 Medium2021-11-05
CVE-2021-41222 Segfault due to negative splits in `SplitV` — tensorflowCWE-682 5.5 Medium2021-11-05
CVE-2021-41228 Code injection in `saved_model_cli` — tensorflowCWE-78 7.5 High2021-11-05
CVE-2021-41220 Use after free in `CollectiveReduceV2` — tensorflowCWE-416 7.8 High2021-11-05
CVE-2021-41221 Access to invalid memory during shape inference in `Cudnn*` ops — tensorflowCWE-120 7.8 High2021-11-05
CVE-2021-41216 Heap buffer overflow in `Transpose` — tensorflowCWE-120 5.5 Medium2021-11-05
CVE-2021-41213 Deadlock in mutually recursive `tf.function` objects — tensorflowCWE-667 5.5 Medium2021-11-05
CVE-2021-41218 Integer division by 0 in `tf.raw_ops.AllToAll` — tensorflowCWE-369 5.5 Medium2021-11-05
CVE-2021-41206 Incomplete validation of shapes in multiple TF ops — tensorflowCWE-354 7.0 High2021-11-05
CVE-2021-41208 Incomplete validation in boosted trees code — tensorflowCWE-476 8.8 High2021-11-05
CVE-2021-41207 Division by zero in `ParallelConcat` — tensorflowCWE-369 5.5 Medium2021-11-05

This page lists every published CVE security advisory associated with TensorFlow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.