Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-37672 | TensorFlow: heap OOB read in SdcaOptimizerV2 | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37673 | TensorFlow: MapStage CHECK-fail causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37674 | TensorFlow: DoS via MaxPoolGrad invalid tensor input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37677 | TensorFlow: DoS via invalid Dequantize axis argument | tensorflow | 5.5 |
| HIGH | CVE-2021-37678 | TensorFlow/Keras: RCE via YAML model deserialization | tensorflow | 8.8 |
| HIGH | CVE-2021-37679 | TensorFlow: heap over-read leaks memory via RaggedTensor | tensorflow | 7.8 |
| HIGH | CVE-2021-37682 | TFLite: uninitialized quant params corrupt inference | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37683 | TFLite: division by zero DoS in inference kernels | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37684 | TensorFlow TFLite: DoS via division by zero in pooling | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37685 | TensorFlow Lite: OOB read leaks heap memory in expand_dims | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37687 | TFLite: heap OOB read via negative indices in GatherNd | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37691 | TensorFlow TFLite: DoS via crafted model in LSH kernel | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37692 | TensorFlow: string tensor GC segfault causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37690 | TensorFlow: use-after-free crashes training processes | tensorflow | 6.6 |
| MEDIUM | CVE-2021-41195 | TensorFlow: integer overflow in segment ops causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41196 | TensorFlow: integer underflow crashes Keras pooling layers | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41197 | TensorFlow: integer overflow in tensor dims causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41198 | TensorFlow: tf.tile integer overflow crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41199 | TensorFlow: tf.image.resize integer overflow DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41200 | TensorFlow: DoS crash in tf.summary file writer | tensorflow | 5.5 |