AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 23 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2023-25668 | TensorFlow: unauthenticated RCE via heap buffer overflow | tensorflow | 9.8 |
| HIGH | CVE-2023-25669 | TensorFlow: DoS via AvgPoolGrad invalid stride params | tensorflow | 7.5 |
| HIGH | CVE-2023-25670 | TensorFlow: null ptr DoS in quantized MKL MatMul | tensorflow | 7.5 |
| HIGH | CVE-2023-25671 | TensorFlow: OOB write DoS via integer type mismatch | tensorflow | 7.5 |
| HIGH | CVE-2023-25672 | TensorFlow: NPE in LookupTableImportV2 causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25673 | TensorFlow: FPE in TensorListSplit (XLA) remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25674 | TensorFlow: null pointer DoS in RandomShuffle (XLA) | tensorflow | 7.5 |
| HIGH | CVE-2023-25675 | TensorFlow XLA: Bincount shape mismatch causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25676 | TensorFlow: NULL ptr deref DoS in ParallelConcat op | tensorflow | 7.5 |
| HIGH | CVE-2023-25801 | TensorFlow: double-free in pooling ops enables RCE | tensorflow | 7.8 |
| HIGH | CVE-2023-27579 | TensorFlow Lite: FPE in tflite model crashes inference runtime | tensorflow | 7.5 |
| MEDIUM | CVE-2023-25661 | TensorFlow: DoS via malformed Convolution3D input | tensorflow | 6.5 |
| HIGH | CVE-2023-27506 | Intel TF Opt: buffer overflow enables local priv-esc | optimization_for_tensorflow | 7.8 |
| CRITICAL | CVE-2023-5245 | MLeap: zip slip in model loading enables RCE | 9.8 | |
| MEDIUM | CVE-2023-30767 | Intel TF Opt: buffer overflow enables local privesc | optimization_for_tensorflow | 6.7 |
| CRITICAL | CVE-2024-3660 | Keras: RCE via malicious model deserialization | keras | 9.8 |
| HIGH | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | mlflow | 8.8 |
| HIGH | CVE-2023-33976 | TensorFlow: DoS via upper_bound rank validation crash | tensorflow | 7.5 |
| HIGH | CVE-2025-0649 | TensorFlow Serving: JSON recursion DoS on inference API | tensorflow_serving | 7.5 |
| MEDIUM | CVE-2025-5197 | Transformers: ReDoS in TF-to-PyTorch weight converter | transformers | 5.3 |