Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

TensorFlow — Vulnerabilities & Security Advisories 403

Browse all 403 CVE security advisories affecting TensorFlow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TensorFlow is an open-source machine learning framework primarily used for developing and deploying data flow graphs across various platforms. With 403 recorded Common Vulnerabilities and Exposures (CVEs), it has historically been susceptible to a wide array of security flaws. These incidents frequently involve remote code execution, buffer overflows, and denial-of-service conditions, often stemming from improper input validation or memory management errors within its C++ backend. While cross-site scripting is less common due to its backend nature, privilege escalation risks exist when the framework runs with elevated system permissions. Notable security characteristics include its complex dependency tree, which can introduce indirect vulnerabilities through third-party libraries. Major incidents have largely focused on exploitation of parsing routines and model serialization processes, highlighting the critical need for rigorous patch management and secure configuration practices in production environments to mitigate these persistent risks.

Top products by TensorFlow: tensorflow keras
CVE IDTitleCVSSSeverityPublished
CVE-2021-37657 Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow — tensorflowCWE-824 7.1 High2021-08-12
CVE-2021-37658 Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow — tensorflowCWE-824 7.1 High2021-08-12
CVE-2021-37644 `std::abort` raised from `TensorListReserve` in TensorFlow — tensorflowCWE-617 5.5 Medium2021-08-12
CVE-2021-37654 Heap OOB and CHECK fail in `ResourceGather` in TensorFlow — tensorflowCWE-125 7.3 High2021-08-12
CVE-2021-37641 Heap OOB in `RaggedGather` in TensorFlow — tensorflowCWE-125 7.3 High2021-08-12
CVE-2021-37635 Heap out of bounds access in sparse reduction operations in TensorFlow — tensorflowCWE-125 7.3 High2021-08-12
CVE-2021-37664 Heap OOB in boosted trees in TensorFlow — tensorflowCWE-125 7.3 High2021-08-12
CVE-2021-37659 Out of bounds read via null pointer dereference in TensorFlow — tensorflowCWE-476 7.3 High2021-08-12
CVE-2021-37655 Heap OOB in `ResourceScatterUpdate` in TensorFlow — tensorflowCWE-125 7.3 High2021-08-12
CVE-2021-37637 Null pointer dereference in `CompressElement` in TensorFlow — tensorflowCWE-476 7.7 High2021-08-12
CVE-2021-37649 Null pointer dereference in `UncompressElement` in TensorFlow — tensorflowCWE-476 7.7 High2021-08-12
CVE-2021-37647 Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow — tensorflowCWE-476 7.7 High2021-08-12
CVE-2021-37643 Null pointer dereference in `MatrixDiagPartOp` in TensorFlow — tensorflowCWE-476 7.7 High2021-08-12
CVE-2021-37639 Null pointer dereference and heap OOB read in TensorFlow — tensorflowCWE-476 8.4 High2021-08-12
CVE-2021-37638 Null pointer dereference in `RaggedTensorToTensor` in TensorFlow — tensorflowCWE-476 7.7 High2021-08-12
CVE-2021-37660 Division by 0 in inplace operations in TensorFlow — tensorflowCWE-369 5.5 Medium2021-08-12
CVE-2021-37653 Division by 0 in `ResourceGather` in TensorFlow — tensorflowCWE-369 5.5 Medium2021-08-12
CVE-2021-37642 Division by 0 in `ResourceScatterDiv` in TensorFlow — tensorflowCWE-369 5.5 Medium2021-08-12
CVE-2021-37640 Integer division by 0 in sparse reshaping in TensorFlow — tensorflowCWE-369 5.5 Medium2021-08-12
CVE-2021-37636 Floating point exception in `SparseDenseCwiseDiv` in TensorFlow — tensorflowCWE-369 5.5 Medium2021-08-12
CVE-2021-29513 Type confusion during tensor casts lead to dereferencing null pointers — tensorflowCWE-476 2.5 Low2021-05-14
CVE-2021-29514 Heap out of bounds write in `RaggedBinCount` — tensorflowCWE-787 2.5 Low2021-05-14
CVE-2021-29515 Reference binding to null pointer in `MatrixDiag*` ops — tensorflowCWE-476 2.5 Low2021-05-14
CVE-2021-29516 Null pointer dereference via invalid Ragged Tensors — tensorflowCWE-476 2.5 Low2021-05-14
CVE-2021-29517 Division by zero in `Conv3D` — tensorflowCWE-369 2.5 Low2021-05-14
CVE-2021-29518 Session operations in eager mode lead to null pointer dereferences — tensorflowCWE-476 2.5 Low2021-05-14
CVE-2021-29519 CHECK-fail in SparseCross due to type confusion — tensorflowCWE-843 2.5 Low2021-05-14
CVE-2021-29520 Heap buffer overflow in `Conv3DBackprop*` — tensorflowCWE-120 2.5 Low2021-05-14
CVE-2021-29521 Segfault in SparseCountSparseOutput — tensorflowCWE-131 2.5 Low2021-05-14
CVE-2021-29522 Division by 0 in `Conv3DBackprop*` — tensorflowCWE-369 2.5 Low2021-05-14

This page lists every published CVE security advisory associated with TensorFlow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.