Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tensorflow — Vulnerabilities & Security Advisories 403

Browse all 403 CVE security advisories affecting tensorflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TensorFlow is an open-source machine learning framework primarily used for developing and deploying data flow graphs across various platforms. With 403 recorded Common Vulnerabilities and Exposures (CVEs), it has historically been susceptible to a wide array of security flaws. These incidents frequently involve remote code execution, buffer overflows, and denial-of-service conditions, often stemming from improper input validation or memory management errors within its C++ backend. While cross-site scripting is less common due to its backend nature, privilege escalation risks exist when the framework runs with elevated system permissions. Notable security characteristics include its complex dependency tree, which can introduce indirect vulnerabilities through third-party libraries. Major incidents have largely focused on exploitation of parsing routines and model serialization processes, highlighting the critical need for rigorous patch management and secure configuration practices in production environments to mitigate these persistent risks.

Top products by tensorflow: tensorflow keras
CVE IDTitleCVSSSeverityPublished
CVE-2022-35969 `CHECK` fail in `Conv2DBackpropInput` in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35970 Segfault in `QuantizedInstanceNorm` in TensorFlow — tensorflowCWE-20 5.9 Medium2022-09-16
CVE-2022-35968 `CHECK` fail in `AvgPoolGrad` in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35966 Segfault in `QuantizedAvgPool` in TensorFlow — tensorflowCWE-20 5.9 Medium2022-09-16
CVE-2022-35967 Segfault in `QuantizedAdd` in TensorFlow — tensorflowCWE-20 5.9 Medium2022-09-16
CVE-2022-35964 Segfault in `BlockLSTMGradV2` in TensorFlow — tensorflowCWE-20 5.9 Medium2022-09-16
CVE-2022-35965 Segfault in `LowerBound` and `UpperBound` in TensorFlow — tensorflowCWE-476 5.9 Medium2022-09-16
CVE-2022-35963 `CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35952 `CHECK` failures in `UnbatchGradOp` in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35940 Int overflow in `RaggedRangeOp` in Tensoflow — tensorflowCWE-190 5.9 Medium2022-09-16
CVE-2022-35941 `CHECK` failure in `AvgPoolOp` in Tensorflow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35937 OOB read in `Gather_nd` op in TensorFlow Lite — tensorflowCWE-125 7.0 High2022-09-16
CVE-2022-35939 Out of bounds write in `scatter_nd` op in TensorFlow Lite — tensorflowCWE-787 7.0 High2022-09-16
CVE-2022-35935 `CHECK` failure in `SobolSample` via missing validation in TensorFlow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro — tensorflowCWE-125 7.0 High2022-09-16
CVE-2022-35934 `CHECK` failure in tf.reshape in Tensorflow — tensorflowCWE-617 5.9 Medium2022-09-16
CVE-2022-29216 Code injection in `saved_model_cli` in TensorFlow — tensorflowCWE-94 7.8 High2022-05-20
CVE-2022-29213 Incomplete validation in signal ops leads to crashes in TensorFlow — tensorflowCWE-20 5.5 Medium2022-05-20
CVE-2022-29210 Heap buffer overflow due to incorrect hash function in TensorFlow — tensorflowCWE-120 5.5 Medium2022-05-20
CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow — tensorflowCWE-843 5.5 Medium2022-05-20
CVE-2022-29211 Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values — tensorflowCWE-20 5.5 Medium2022-05-20
CVE-2022-29212 Core dump when loading TFLite models with quantization in TensorFlow — tensorflowCWE-20 5.5 Medium2022-05-20
CVE-2022-29201 Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow — tensorflowCWE-20 5.5 Medium2022-05-20
CVE-2022-29202 Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant` — tensorflowCWE-20 5.5 Medium2022-05-20
CVE-2022-29203 Integer overflow in `SpaceToBatchND` in TensorFlow — tensorflowCWE-190 5.5 Medium2022-05-20
CVE-2022-29204 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` — tensorflowCWE-191 5.5 Medium2022-05-20
CVE-2022-29208 Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow — tensorflowCWE-787 7.1 High2022-05-20
CVE-2022-29205 Segfault due to missing support for quantized types in TensorFlow — tensorflowCWE-908 5.5 Medium2022-05-20

This page lists every published CVE security advisory associated with tensorflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.