Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-29565 | TensorFlow: null ptr dereference crashes sparse ops | tensorflow | 5.5 |
| HIGH | CVE-2021-29566 | TensorFlow: heap OOB write in Dilation2D training op | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29567 | TensorFlow: DoS via SparseDenseCwiseMul OOB | tensorflow | 5.5 |
| HIGH | CVE-2021-29568 | TensorFlow: null deref in ParameterizedTruncatedNormal op | tensorflow | 7.8 |
| HIGH | CVE-2021-29569 | TensorFlow: OOB heap read in MaxPoolGradWithArgmax op | tensorflow | 7.1 |
| HIGH | CVE-2021-29570 | TensorFlow: OOB read in MaxPoolGradWithArgmax op | tensorflow | 7.1 |
| HIGH | CVE-2021-29571 | TensorFlow: heap OOB write via crafted bounding box op | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29572 | TensorFlow: null ptr deref crashes SdcaOptimizer op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29573 | TensorFlow: div-by-zero in MaxPoolGrad op causes DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-29574 | TensorFlow: null ptr deref in MaxPool3DGradGrad ops | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29575 | TensorFlow: stack overflow DoS in ReverseSequence op | tensorflow | 5.5 |
| HIGH | CVE-2021-29576 | TensorFlow: heap buffer overflow in MaxPool3DGradGrad op | tensorflow | 7.8 |
| HIGH | CVE-2021-29577 | TensorFlow: heap overflow in AvgPool3DGrad op | tensorflow | 7.8 |
| HIGH | CVE-2021-29578 | TensorFlow: heap buffer overflow in FractionalAvgPoolGrad | tensorflow | 7.8 |
| HIGH | CVE-2021-29579 | TensorFlow: heap buffer overflow in MaxPoolGrad kernel | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29580 | TensorFlow: DoS via empty tensor in FractionalMaxPoolGrad | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29581 | TensorFlow: DoS via null buffer in CTCBeamSearchDecoder | tensorflow | 5.5 |
| HIGH | CVE-2021-29582 | TensorFlow: OOB heap read via Dequantize shape mismatch | tensorflow | 7.1 |
| HIGH | CVE-2021-29583 | TensorFlow: heap overflow in FusedBatchNorm risks RCE | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29584 | TensorFlow: integer overflow DoS in SparseSplit op | tensorflow | 5.5 |