Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-29605 | TFLite: integer overflow DoS via crafted model file | tensorflow | 5.5 |
| HIGH | CVE-2021-29606 | TensorFlow Lite: OOB read via crafted TFLite model | tensorflow | 7.8 |
| HIGH | CVE-2021-29607 | TensorFlow: heap OOB write in SparseAdd op | tensorflow | 7.8 |
| HIGH | CVE-2021-29608 | TensorFlow: heap OOB in RaggedTensorToTensor op | tensorflow | 7.8 |
| HIGH | CVE-2021-29609 | TensorFlow: SparseAdd heap OOB write and null deref | tensorflow | 7.8 |
| HIGH | CVE-2021-29610 | TensorFlow: heap R/W via quantization axis underflow | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29611 | TensorFlow: DoS via SparseReshape invalid tensor input | tensorflow | 5.5 |
| HIGH | CVE-2021-29612 | TensorFlow: heap overflow in linalg op, RCE risk | tensorflow | 7.8 |
| HIGH | CVE-2021-29613 | TensorFlow: CTCLoss heap OOB read, info leak + crash | tensorflow | 7.1 |
| HIGH | CVE-2021-29614 | TensorFlow: OOB write in decode_raw crashes interpreter | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29615 | TensorFlow: uncontrolled recursion DoS in ParseAttrValue | tensorflow | 5.5 |
| HIGH | CVE-2021-29616 | TensorFlow: null ptr deref in graph optimizer | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29617 | TensorFlow: DoS via CHECK-fail in strings.substr | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29618 | TensorFlow: DoS crash via tf.transpose complex+conjugate | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29619 | TensorFlow: DoS via invalid SparseCount op args | tensorflow | 5.5 |
| CRITICAL | CVE-2021-35958 | TensorFlow: path traversal in get_file allows file overwrite | tensorflow | 9.1 |
| MEDIUM | CVE-2021-37636 | TensorFlow: div-by-zero DoS in SparseDenseCwiseDiv op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37640 | TensorFlow: SparseReshape div-by-zero crashes ML pipelines | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37642 | TensorFlow: ResourceScatterDiv div-by-zero enables DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37653 | TensorFlow: DoS via divide-by-zero in ResourceGather op | tensorflow | 5.5 |