Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2022-29206 | TensorFlow: SparseTensorDenseAdd null ptr deref DoS | tensorflow | 5.5 |
| HIGH | CVE-2022-29208 | TensorFlow: OOB write in EditDistance enables local DoS | tensorflow | 7.1 |
| MEDIUM | CVE-2022-29209 | TensorFlow: CHECK macro type confusion causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29210 | TensorFlow: heap OOB in TensorKey causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29211 | TensorFlow: NaN input crashes histogram op (CPU DoS) | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29212 | TensorFlow Lite: quantization assert crash (DoS) | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29213 | TensorFlow: input validation DoS in FFT signal ops | tensorflow | 5.5 |
| HIGH | CVE-2022-29216 | TensorFlow CLI: eval() injection enables reverse shell | tensorflow | 7.8 |
| HIGH | CVE-2022-35934 | TensorFlow: tf.reshape DoS via integer overflow | tensorflow | 7.5 |
| HIGH | CVE-2022-35935 | TensorFlow: DoS via SobolSample CHECK-failure | tensorflow | 7.5 |
| CRITICAL | CVE-2022-35937 | TensorFlow: GatherNd OOB read crashes inference servers | tensorflow | 9.1 |
| CRITICAL | CVE-2022-35938 | TensorFlow: OOB read in GatherNd causes crash/data leak | tensorflow | 9.1 |
| CRITICAL | CVE-2022-35939 | TensorFlow: ScatterNd OOB write enables RCE/crash | tensorflow | 9.8 |
| HIGH | CVE-2022-35940 | TensorFlow: integer overflow in RaggedRangeOp crashes service | tensorflow | 7.5 |
| HIGH | CVE-2022-35941 | TensorFlow: DoS via negative ksize in AvgPoolOp | tensorflow | 7.5 |
| HIGH | CVE-2022-35952 | TensorFlow: DoS via UnbatchGradOp assertion crash | tensorflow | 7.5 |
| HIGH | CVE-2022-35959 | TensorFlow: DoS via AvgPool3DGradOp input overflow | tensorflow | 7.5 |
| HIGH | CVE-2022-35960 | TensorFlow: DoS via malformed TensorListReserve input | tensorflow | 7.5 |
| HIGH | CVE-2022-35963 | TensorFlow: DoS via FractionalAvgPoolGrad overflow | tensorflow | 7.5 |
| HIGH | CVE-2022-35964 | TensorFlow: remote DoS via BlockLSTMGradV2 validation | tensorflow | 7.5 |