AI Threat Alert
Training Data
Training data is both the model's most valuable input and its most underprotected one. Three problem classes dominate. First, poisoning: an attacker who can influence a public dataset, a web crawl, or a fine-tuning corpus can plant backdoors or biases that survive into the deployed model — BadNets-style attacks on image classifiers, trigger-phrase attacks on LLMs, and reward-hacking on RLHF datasets. Second, memorization and leakage: models can regurgitate verbatim training data, exposing PII and copyrighted content; this has driven the active New York Times v. OpenAI litigation and is a recurring GDPR concern. Third, provenance: when training data origins are unclear, downstream users inherit legal and security risk they can't assess. EU AI Act Article 10 (Data Governance) and ISO 42001 Annex A treat training-data quality as a controlled asset. Defenses: data lineage tracking, deduplication, PII scrubbing before training, and adversarial training against known trigger families.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-41228 | TensorFlow: eval() in saved_model_cli allows RCE | tensorflow | 7.8 |
| HIGH | CVE-2022-21730 | TensorFlow: OOB read leaks heap memory, enables DoS | tensorflow | 8.1 |
| MEDIUM | CVE-2022-23563 | TensorFlow: TOC/TOU race allows temp file hijacking | tensorflow | 6.3 |
| HIGH | CVE-2022-23573 | TensorFlow: uninitialized memory in AssignOp | tensorflow | 8.8 |
| MEDIUM | CVE-2022-29193 | TensorFlow: DoS via TensorSummaryV2 input validation failure | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29207 | TensorFlow: null-ptr deref in eager mode causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29211 | TensorFlow: NaN input crashes histogram op (CPU DoS) | tensorflow | 5.5 |
| HIGH | CVE-2022-35964 | TensorFlow: remote DoS via BlockLSTMGradV2 validation | tensorflow | 7.5 |
| CRITICAL | CVE-2022-41880 | TensorFlow: heap OOB read in candidate sampler op | tensorflow | 9.1 |
| HIGH | CVE-2022-41897 | TensorFlow: OOB read in FractionMaxPoolGrad causes DoS | tensorflow | 7.5 |
| CRITICAL | CVE-2022-41910 | TensorFlow Grappler: OOB read crashes or leaks memory | tensorflow | 9.1 |
| HIGH | CVE-2023-25658 | TensorFlow: OOB read in GRUBlockCellGrad causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25674 | TensorFlow: null pointer DoS in RandomShuffle (XLA) | tensorflow | 7.5 |
| HIGH | CVE-2023-27506 | Intel TF Opt: buffer overflow enables local priv-esc | optimization_for_tensorflow | 7.8 |
| MEDIUM | CVE-2023-30767 | Intel TF Opt: buffer overflow enables local privesc | optimization_for_tensorflow | 6.7 |
| HIGH | CVE-2021-4118 | pytorch-lightning: deserialization RCE via malicious checkpoint | pytorch_lightning | 7.8 |
| CRITICAL | CVE-2022-0845 | pytorch-lightning: code injection enables full RCE | pytorch_lightning | 9.8 |
| CRITICAL | CVE-2024-48063 | PyTorch: RCE via RemoteModule deserialization | pytorch | 9.8 |
| MEDIUM | CVE-2025-2998 | PyTorch: memory corruption in RNN pad_packed_sequence | pytorch | 5.3 |
| MEDIUM | CVE-2025-2999 | PyTorch: memory corruption in RNN sequence unpacking | pytorch | 5.3 |