Attack Type: Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
Total CVEs: 630. Pages: 32. Page 8 of 32.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-41220 | TensorFlow: use-after-free in async collective ops | tensorflow | 7.8 |
| HIGH | CVE-2021-41221 | TensorFlow: CuDNN heap overflow, local code execution | tensorflow | 7.8 |
| HIGH | CVE-2021-41225 | TensorFlow Grappler: uninitialized var, local priv-esc | tensorflow | 7.8 |
| HIGH | CVE-2021-41228 | TensorFlow: eval() in saved_model_cli allows RCE | tensorflow | 7.8 |
| HIGH | CVE-2022-21726 | TensorFlow: heap OOB read in Dequantize op allows RCE | tensorflow | 8.8 |
| HIGH | CVE-2022-21727 | TensorFlow: Dequantize integer overflow, RCE risk | tensorflow | 8.8 |
| HIGH | CVE-2022-21730 | TensorFlow: OOB read leaks heap memory, enables DoS | tensorflow | 8.1 |
| HIGH | CVE-2022-21740 | TensorFlow: heap overflow in sparse ops, RCE risk | tensorflow | 8.8 |
| HIGH | CVE-2022-23558 | TFLite: integer overflow in model loading, RCE risk | tensorflow | 8.8 |
| HIGH | CVE-2022-23559 | TFLite: integer overflow in embedding lookup → heap OOB RW | tensorflow | 8.8 |
| HIGH | CVE-2022-23560 | TFLite: OOB read/write in sparse tensor → RCE | tensorflow | 8.8 |
| HIGH | CVE-2022-23561 | TensorFlow Lite: OOB write, arbitrary write primitive | tensorflow | 8.8 |
| HIGH | CVE-2022-23562 | TensorFlow: Range integer overflow, RCE/DoS risk | tensorflow | 8.8 |
| MEDIUM | CVE-2022-23563 | TensorFlow: TOC/TOU race allows temp file hijacking | tensorflow | 6.3 |
| HIGH | CVE-2022-23566 | TensorFlow: heap OOB write in Grappler, RCE risk | tensorflow | 8.8 |
| MEDIUM | CVE-2022-23570 | TensorFlow: null-deref DoS via malformed protobuf tensor | tensorflow | 6.5 |
| HIGH | CVE-2022-23573 | TensorFlow: uninitialized memory in AssignOp | tensorflow | 8.8 |
| HIGH | CVE-2022-23574 | TensorFlow: heap OOB read/write enables network RCE | tensorflow | 8.8 |
| MEDIUM | CVE-2022-23584 | TensorFlow: use-after-free in PNG decode causes DoS | tensorflow | 6.5 |
| CRITICAL | CVE-2022-23587 | TensorFlow: integer overflow in Grappler enables RCE | tensorflow | 9.8 |