Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-29585 | TensorFlow TFLite: divide-by-zero crashes ML inference | tensorflow | 7.8 |
| HIGH | CVE-2021-29586 | TFLite: div-by-zero in pooling crashes inference engine | tensorflow | 7.8 |
| HIGH | CVE-2021-29587 | TensorFlow TFLite: divide-by-zero via crafted model file | tensorflow | 7.8 |
| HIGH | CVE-2021-29588 | TensorFlow Lite: DoS/RCE via crafted model stride=0 | tensorflow | 7.8 |
| HIGH | CVE-2021-29589 | TFLite GatherNd: divide-by-zero crashes inference runtime | tensorflow | 7.8 |
| HIGH | CVE-2021-29590 | TensorFlow TFLite: OOB read via empty tensor in Min/Max ops | tensorflow | 7.1 |
| HIGH | CVE-2021-29591 | TFLite: crafted model causes infinite loop / stack overflow | tensorflow | 7.8 |
| HIGH | CVE-2021-29592 | TensorFlow Lite: null-ptr deref in Reshape via 1D tensor | tensorflow | 7.8 |
| HIGH | CVE-2021-29593 | TensorFlow TFLite: div-by-zero via crafted model file | tensorflow | 7.8 |
| HIGH | CVE-2021-29594 | TFLite: divide-by-zero in conv allows code execution | tensorflow | 7.8 |
| HIGH | CVE-2021-29595 | TensorFlow TFLite: crash/RCE via malicious model file | tensorflow | 7.8 |
| HIGH | CVE-2021-29596 | TensorFlow TFLite: div-by-zero in EmbeddingLookup op | tensorflow | 7.8 |
| HIGH | CVE-2021-29597 | TensorFlow TFLite: div-by-zero crash via crafted model | tensorflow | 7.8 |
| HIGH | CVE-2021-29598 | TensorFlow TFLite: SVDF div-by-zero enables RCE | tensorflow | 7.8 |
| HIGH | CVE-2021-29599 | TFLite Split: malicious model triggers div-by-zero (DoS/RCE) | tensorflow | 7.8 |
| HIGH | CVE-2021-29600 | TensorFlow TFLite: div-by-zero via crafted OneHot model | tensorflow | 7.8 |
| HIGH | CVE-2021-29601 | TensorFlow Lite: integer overflow in model concatenation | tensorflow | 7.1 |
| MEDIUM | CVE-2021-29602 | TensorFlow TFLite: DepthwiseConv division-by-zero DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-29603 | TensorFlow TFLite: heap OOB write via malformed model | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29604 | TFLite: DoS via division by zero in hashtable lookup | tensorflow | 5.5 |