AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1204
Total CVEs
61
Pages
Page 10 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-37637 | TensorFlow: null ptr dereference in CompressElement (DoS) | tensorflow | 5.5 |
| HIGH | CVE-2021-37638 | TensorFlow: null ptr deref in RaggedTensorToTensor op | tensorflow | 7.8 |
| HIGH | CVE-2021-37639 | TensorFlow: heap OOB read via tensor restore API | tensorflow | 7.8 |
| HIGH | CVE-2021-37643 | TensorFlow: null deref in MatrixDiagPartOp, DoS risk | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37647 | TensorFlow: null deref in SparseTensor ops causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37649 | TensorFlow: null ptr deref crashes inference via bad tensor | tensorflow | 5.5 |
| HIGH | CVE-2021-37635 | TensorFlow: heap OOB read in sparse reduction ops | tensorflow | 7.1 |
| HIGH | CVE-2021-37641 | TensorFlow: RaggedGather OOB read - heap leak + DoS | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37644 | TensorFlow: DoS via negative TensorListReserve input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37645 | TensorFlow: integer overflow in quantize grad causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37646 | TensorFlow: StringNGrams integer overflow triggers DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-37650 | TensorFlow: heap overflow in DatasetToTFRecord ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37651 | TensorFlow: heap OOB r/w in FractionalAvgPoolGrad op | tensorflow | 7.8 |
| HIGH | CVE-2021-37654 | TensorFlow: OOB read/crash via ResourceGather batch_dims | tensorflow | 7.1 |
| HIGH | CVE-2021-37655 | TensorFlow: OOB heap read in ResourceScatterUpdate | tensorflow | 7.3 |
| HIGH | CVE-2021-37656 | TensorFlow: null ptr deref in RaggedTensorToSparse op | tensorflow | 7.8 |
| HIGH | CVE-2021-37657 | TensorFlow: null ptr deref in MatrixDiagV ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37658 | TensorFlow: null ptr deref in MatrixSetDiagV ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37659 | TensorFlow: heap OOB in cwise ops enables local RCE | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37661 | TensorFlow: integer sign conversion DoS in boosted trees | tensorflow | 5.5 |