Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tensorflow — Vulnerabilities & Security Advisories 403

Browse all 403 CVE security advisories affecting tensorflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TensorFlow is an open-source machine learning framework primarily used for developing and deploying data flow graphs across various platforms. With 403 recorded Common Vulnerabilities and Exposures (CVEs), it has historically been susceptible to a wide array of security flaws. These incidents frequently involve remote code execution, buffer overflows, and denial-of-service conditions, often stemming from improper input validation or memory management errors within its C++ backend. While cross-site scripting is less common due to its backend nature, privilege escalation risks exist when the framework runs with elevated system permissions. Notable security characteristics include its complex dependency tree, which can introduce indirect vulnerabilities through third-party libraries. Major incidents have largely focused on exploitation of parsing routines and model serialization processes, highlighting the critical need for rigorous patch management and secure configuration practices in production environments to mitigate these persistent risks.

Found 402 results / 403Clear Filters
Top products by tensorflow: tensorflow keras
CVE IDTitleCVSSSeverityPublished
CVE-2021-41209 FPE in convolutions with zero size filters — tensorflowCWE-369 5.5 Medium2021-11-05
CVE-2021-41203 Missing validation during checkpoint loading — tensorflowCWE-345 7.8 High2021-11-05
CVE-2021-41215 Null pointer exception in `DeserializeSparse` — tensorflowCWE-476 5.5 Medium2021-11-05
CVE-2021-41217 Null pointer exception when `Exit` node is not preceded by `Enter` op — tensorflowCWE-476 5.5 Medium2021-11-05
CVE-2021-41219 Undefined behavior via `nullptr` reference binding in sparse matrix multiplication — tensorflowCWE-824 7.8 High2021-11-05
CVE-2021-41214 Reference binding to `nullptr` in `tf.ragged.cross` — tensorflowCWE-824 7.8 High2021-11-05
CVE-2021-41204 Segfault while copying constant resource tensor — tensorflowCWE-824 5.5 Medium2021-11-05
CVE-2021-41226 Heap OOB read in `SparseBinCount` — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41223 Heap OOB read in `FusedBatchNorm` kernels — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41224 `SparseFillEmptyRows` heap OOB read — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41212 Heap OOB read in `tf.ragged.cross` — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41211 Heap OOB read in shape inference for `QuantizeV2` — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41205 Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41210 Heap OOB read in `tf.raw_ops.SparseCountSparseOutput` — tensorflowCWE-125 7.1 High2021-11-05
CVE-2021-41201 Unitialized access in `EinsumHelper::ParseEquation` — tensorflowCWE-824 7.8 High2021-11-05
CVE-2021-41200 Incomplete validation in `tf.summary.create_file_writer` — tensorflowCWE-617 5.5 Medium2021-11-05
CVE-2021-41197 Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes — tensorflowCWE-190 5.5 Medium2021-11-05
CVE-2021-41198 Overflow/crash in `tf.tile` when tiling tensor is large — tensorflowCWE-190 5.5 Medium2021-11-05
CVE-2021-41199 Overflow/crash in `tf.image.resize` when size is large — tensorflowCWE-190 5.5 Medium2021-11-05
CVE-2021-41196 Crash in `max_pool3d` when size argument is 0 or negative — tensorflowCWE-191 5.5 Medium2021-11-05
CVE-2021-41195 Crash in `tf.math.segment_*` operations — tensorflowCWE-190 5.5 Medium2021-11-05
CVE-2021-37690 Use after free and segfault in shape inference functions in TensorFlow — tensorflowCWE-416 6.6 Medium2021-08-12
CVE-2021-37678 Arbitrary code execution due to YAML deserialization — tensorflowCWE-502 9.3 Critical2021-08-12
CVE-2021-37692 Segfault on strings tensors with mistmatched dimensions in TensorFlow — tensorflowCWE-20 5.5 Medium2021-08-12
CVE-2021-37669 Crash in NMS ops caused by integer conversion to unsigned in TensorFlow — tensorflowCWE-681 5.5 Medium2021-08-12
CVE-2021-37673 `CHECK`-fail in `MapStage` in TensorFlow — tensorflowCWE-20 5.5 Medium2021-08-12
CVE-2021-37663 Incomplete validation in `QuantizeV2` in TensorFlow — tensorflowCWE-20 7.8 High2021-08-12
CVE-2021-37682 Use of unitialized value in TensorFlow Lite — tensorflowCWE-908 4.4 Medium2021-08-12
CVE-2021-37674 Incomplete validation in `MaxPoolGrad` in TensorFlow — tensorflowCWE-20 5.5 Medium2021-08-12
CVE-2021-37665 Incomplete validation in MKL requantization in TensorFlow — tensorflowCWE-20 7.8 High2021-08-12

This page lists every published CVE security advisory associated with tensorflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.