AI Threat Alert
Training Data
Training data is both the model's most valuable input and its most underprotected one. Three problem classes dominate. First, poisoning: an attacker who can influence a public dataset, a web crawl, or a fine-tuning corpus can plant backdoors or biases that survive into the deployed model — BadNets-style attacks on image classifiers, trigger-phrase attacks on LLMs, and reward-hacking on RLHF datasets. Second, memorization and leakage: models can regurgitate verbatim training data, exposing PII and copyrighted content; this has driven the active New York Times v. OpenAI litigation and is a recurring GDPR concern. Third, provenance: when training data origins are unclear, downstream users inherit legal and security risk they can't assess. EU AI Act Article 10 (Data Governance) and ISO 42001 Annex A treat training-data quality as a controlled asset. Defenses: data lineage tracking, deduplication, PII scrubbing before training, and adversarial training against known trigger families.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2021-35958 | TensorFlow: path traversal in get_file allows file overwrite | tensorflow | 9.1 |
| MEDIUM | CVE-2021-37637 | TensorFlow: null ptr dereference in CompressElement (DoS) | tensorflow | 5.5 |
| HIGH | CVE-2021-37639 | TensorFlow: heap OOB read via tensor restore API | tensorflow | 7.8 |
| HIGH | CVE-2021-37643 | TensorFlow: null deref in MatrixDiagPartOp, DoS risk | tensorflow | 7.1 |
| HIGH | CVE-2021-37635 | TensorFlow: heap OOB read in sparse reduction ops | tensorflow | 7.1 |
| HIGH | CVE-2021-37650 | TensorFlow: heap overflow in DatasetToTFRecord ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37651 | TensorFlow: heap OOB r/w in FractionalAvgPoolGrad op | tensorflow | 7.8 |
| HIGH | CVE-2021-37654 | TensorFlow: OOB read/crash via ResourceGather batch_dims | tensorflow | 7.1 |
| HIGH | CVE-2021-37655 | TensorFlow: OOB heap read in ResourceScatterUpdate | tensorflow | 7.3 |
| HIGH | CVE-2021-37656 | TensorFlow: null ptr deref in RaggedTensorToSparse op | tensorflow | 7.8 |
| HIGH | CVE-2021-37662 | TensorFlow: null deref in BoostedTrees training ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37664 | TensorFlow: heap OOB read in BoostedTrees ops | tensorflow | 7.1 |
| HIGH | CVE-2021-37648 | TensorFlow SaveV2: null ptr deref, local crash/RCE | tensorflow | 7.8 |
| HIGH | CVE-2021-37652 | TensorFlow: double-free in BoostedTrees, code exec | tensorflow | 7.8 |
| HIGH | CVE-2021-37666 | TensorFlow: null-ptr deref in RaggedTensorToVariant op | tensorflow | 7.8 |
| HIGH | CVE-2021-37671 | TensorFlow: null-ptr deref in Map ops, local C/I/A:High | tensorflow | 7.8 |
| HIGH | CVE-2021-37663 | TensorFlow: QuantizeV2 heap OOB/null-deref in quantization | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37670 | TensorFlow: heap OOB read in sorting ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37672 | TensorFlow: heap OOB read in SdcaOptimizerV2 | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37673 | TensorFlow: MapStage CHECK-fail causes process DoS | tensorflow | 5.5 |