AI Threat Alert
Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2020-15196 | TensorFlow: heap OOB read in sparse/ragged count ops | tensorflow | 9.9 |
| MEDIUM | CVE-2020-15197 | TensorFlow: DoS via malformed sparse tensor input | tensorflow | 6.3 |
| MEDIUM | CVE-2020-15198 | TensorFlow: heap OOB in SparseCountSparseOutput ops | tensorflow | 5.4 |
| MEDIUM | CVE-2020-15199 | TensorFlow: DoS via malformed ragged tensor input | tensorflow | 5.9 |
| MEDIUM | CVE-2020-15200 | TensorFlow: heap overflow in RaggedCountSparseOutput DoS | tensorflow | 5.9 |
| MEDIUM | CVE-2020-15201 | TensorFlow: heap overflow in ragged tensor ops | tensorflow | 4.8 |
| CRITICAL | CVE-2020-15202 | TensorFlow: Shard API int truncation enables memory corruption | tensorflow | 9.0 |
| HIGH | CVE-2020-15203 | TensorFlow: format string DoS in strings.as_string | tensorflow | 7.5 |
| MEDIUM | CVE-2020-15204 | TensorFlow: null ptr deref DoS in eager mode ops | tensorflow | 5.3 |
| CRITICAL | CVE-2020-15205 | TensorFlow: heap overflow in StringNGrams, ASLR bypass | tensorflow | 9.8 |
| HIGH | CVE-2020-15206 | TensorFlow: SavedModel protobuf DoS in inference serving | tensorflow | 7.5 |
| CRITICAL | CVE-2020-15207 | TFLite: OOB write via unchecked negative axis index | tensorflow | 9.0 |
| CRITICAL | CVE-2020-15208 | TFLite: OOB read/write via tensor dimension mismatch | tensorflow | 9.8 |
| MEDIUM | CVE-2020-15209 | TensorFlow Lite: null ptr deref crashes model inference | tensorflow | 5.9 |
| MEDIUM | CVE-2020-15210 | TensorFlow Lite: memory corruption via aliased tensors | tensorflow | 6.5 |
| MEDIUM | CVE-2020-15211 | TensorFlow Lite: heap OOB RW via flatbuffer tensor index | tensorflow | 4.8 |
| HIGH | CVE-2020-15212 | TensorFlow Lite: heap OOB write via segment sum op | tensorflow | 8.6 |
| MEDIUM | CVE-2020-15213 | TensorFlow Lite: OOM DoS via crafted segment sum model | tensorflow | 4.0 |
| HIGH | CVE-2020-15214 | TensorFlow Lite: OOB write in segment sum, memory corruption risk | tensorflow | 8.1 |
| HIGH | CVE-2020-15265 | TensorFlow: OOB read DoS via invalid quantize axis | tensorflow | 7.5 |