AI Threat Alert
Attack Type
Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
460
Total CVEs
23
Pages
Page 4 of 23
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-37688 | TensorFlow Lite: DoS via crafted TFLite model file | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37689 | TensorFlow Lite: MLIR null ptr deref crashes inference | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37670 | TensorFlow: heap OOB read in sorting ops | tensorflow | 5.5 |
| HIGH | CVE-2021-37678 | TensorFlow/Keras: RCE via YAML model deserialization | tensorflow | 8.8 |
| HIGH | CVE-2021-37682 | TFLite: uninitialized quant params corrupt inference | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37687 | TFLite: heap OOB read via negative indices in GatherNd | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37691 | TensorFlow TFLite: DoS via crafted model in LSH kernel | tensorflow | 5.5 |
| HIGH | CVE-2021-41203 | TensorFlow: malformed checkpoint triggers overflow/crash | tensorflow | 7.8 |
| MEDIUM | CVE-2021-41217 | TensorFlow: null pointer crash in control flow graph | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41213 | TensorFlow: tf.function deadlock enables DoS via model load | tensorflow | 5.5 |
| HIGH | CVE-2021-41225 | TensorFlow Grappler: uninitialized var, local priv-esc | tensorflow | 7.8 |
| MEDIUM | CVE-2021-41227 | TensorFlow: OOB read in ImmutableConst leaks memory | tensorflow | 5.5 |
| HIGH | CVE-2021-41228 | TensorFlow: eval() in saved_model_cli allows RCE | tensorflow | 7.8 |
| HIGH | CVE-2022-23558 | TFLite: integer overflow in model loading, RCE risk | tensorflow | 8.8 |
| HIGH | CVE-2022-23559 | TFLite: integer overflow in embedding lookup → heap OOB RW | tensorflow | 8.8 |
| HIGH | CVE-2022-23560 | TFLite: OOB read/write in sparse tensor → RCE | tensorflow | 8.8 |
| HIGH | CVE-2022-23561 | TensorFlow Lite: OOB write, arbitrary write primitive | tensorflow | 8.8 |
| MEDIUM | CVE-2022-23563 | TensorFlow: TOC/TOU race allows temp file hijacking | tensorflow | 6.3 |
| MEDIUM | CVE-2022-23565 | TensorFlow: DoS via malicious SavedModel AttrDef duplication | tensorflow | 6.5 |
| HIGH | CVE-2022-23566 | TensorFlow: heap OOB write in Grappler, RCE risk | tensorflow | 8.8 |