AI Component
Inference
Inference-layer vulnerabilities target the serving infrastructure that runs ML models in production — including vLLM, TensorRT, Triton, and custom serving endpoints.
Total CVEs: 536
Pages: 27 (this is page 17 of 27)
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2023-25666 | TensorFlow: FPE in AudioSpectrogram causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25667 | TensorFlow: integer overflow DoS in video frame decoding | tensorflow | 7.5 |
| CRITICAL | CVE-2023-25668 | TensorFlow: unauthenticated RCE via heap buffer overflow | tensorflow | 9.8 |
| HIGH | CVE-2023-25669 | TensorFlow: DoS via AvgPoolGrad invalid stride params | tensorflow | 7.5 |
| HIGH | CVE-2023-25670 | TensorFlow: null ptr DoS in quantized MKL MatMul | tensorflow | 7.5 |
| HIGH | CVE-2023-25671 | TensorFlow: OOB write DoS via integer type mismatch | tensorflow | 7.5 |
| HIGH | CVE-2023-25672 | TensorFlow: NPE in LookupTableImportV2 causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25673 | TensorFlow: FPE in TensorListSplit (XLA) remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25674 | TensorFlow: null pointer DoS in RandomShuffle (XLA) | tensorflow | 7.5 |
| HIGH | CVE-2023-25675 | TensorFlow XLA: Bincount shape mismatch causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25676 | TensorFlow: NULL ptr deref DoS in ParallelConcat op | tensorflow | 7.5 |
| HIGH | CVE-2023-25801 | TensorFlow: double-free in pooling ops enables RCE | tensorflow | 7.8 |
| HIGH | CVE-2023-27579 | TensorFlow Lite: FPE in tflite model crashes inference runtime | tensorflow | 7.5 |
| MEDIUM | CVE-2023-25661 | TensorFlow: DoS via malformed Convolution3D input | tensorflow | 6.5 |
| HIGH | CVE-2023-33976 | TensorFlow: DoS via upper_bound rank validation crash | tensorflow | 7.5 |
| HIGH | CVE-2025-0649 | TensorFlow Serving: JSON recursion DoS on inference API | tensorflow_serving | 7.5 |
| MEDIUM | CVE-2025-55556 | TensorFlow: non-deterministic compilation breaks Embedding | tensorflow | 6.5 |
| HIGH | CVE-2025-55559 | TensorFlow: DoS via Conv2D valid padding crash | tensorflow | 7.5 |
| CRITICAL | CVE-2022-45907 | PyTorch: RCE via unsafe eval in JIT annotations | pytorch | 9.8 |
| CRITICAL | CVE-2023-43654 | TorchServe: SSRF + RCE via unrestricted model URL loading | torchserve | 9.8 |