TensorFlow Vulnerabilities

pip ML Libraries

AI Threat Alert tracks 434 known vulnerabilities, 17 of them rated critical, in TensorFlow, an AI/ML library in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 67
Total CVEs: 434
Critical: 17
Ecosystem: pip
Last CVE: Sep 25, 2025
Patch Rate: 4%
Avg Time to Patch: 1372 days
GitHub: 195,966 stars, 75,187 forks, 3,249 issues, 3,706 dependents. Last push Jun 28, 2026
OpenSSF Scorecard 7.2/10

Known Vulnerabilities (434 total, page 11 of 18)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2021-37675 | TensorFlow: DoS via division by zero in conv ops | 5.5 | Aug 12, 2021 |
| HIGH | CVE-2021-37671 | TensorFlow: null-ptr deref in Map ops, local C/I/A:High | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37667 | TensorFlow: UnicodeEncode null deref, local code exec | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37666 | TensorFlow: null-ptr deref in RaggedTensorToVariant op | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37652 | TensorFlow: double-free in BoostedTrees, code exec | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37648 | TensorFlow SaveV2: null ptr deref, local crash/RCE | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37664 | TensorFlow: heap OOB read in BoostedTrees ops | 7.1 | Aug 12, 2021 |
| HIGH | CVE-2021-37662 | TensorFlow: null deref in BoostedTrees training ops | 7.8 | Aug 12, 2021 |
| MEDIUM | CVE-2021-37661 | TensorFlow: integer sign conversion DoS in boosted trees | 5.5 | Aug 12, 2021 |
| HIGH | CVE-2021-37659 | TensorFlow: heap OOB in cwise ops enables local RCE | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37658 | TensorFlow: null ptr deref in MatrixSetDiagV ops | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37657 | TensorFlow: null ptr deref in MatrixDiagV ops | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37656 | TensorFlow: null ptr deref in RaggedTensorToSparse op | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37655 | TensorFlow: OOB heap read in ResourceScatterUpdate | 7.3 | Aug 12, 2021 |
| HIGH | CVE-2021-37654 | TensorFlow: OOB read/crash via ResourceGather batch_dims | 7.1 | Aug 12, 2021 |
| HIGH | CVE-2021-37651 | TensorFlow: heap OOB r/w in FractionalAvgPoolGrad op | 7.8 | Aug 12, 2021 |
| HIGH | CVE-2021-37650 | TensorFlow: heap overflow in DatasetToTFRecord ops | 7.8 | Aug 12, 2021 |
| MEDIUM | CVE-2021-37646 | TensorFlow: StringNGrams integer overflow triggers DoS | 5.5 | Aug 12, 2021 |
| MEDIUM | CVE-2021-37645 | TensorFlow: integer overflow in quantize grad causes DoS | 5.5 | Aug 12, 2021 |
| MEDIUM | CVE-2021-37644 | TensorFlow: DoS via negative TensorListReserve input | 5.5 | Aug 12, 2021 |
| HIGH | CVE-2021-37641 | TensorFlow: RaggedGather OOB read - heap leak + DoS | 7.1 | Aug 12, 2021 |
| HIGH | CVE-2021-37635 | TensorFlow: heap OOB read in sparse reduction ops | 7.1 | Aug 12, 2021 |
| MEDIUM | CVE-2021-37649 | TensorFlow: null ptr deref crashes inference via bad tensor | 5.5 | Aug 12, 2021 |
| MEDIUM | CVE-2021-37647 | TensorFlow: null deref in SparseTensor ops causes DoS | 5.5 | Aug 12, 2021 |
| HIGH | CVE-2021-37643 | TensorFlow: null deref in MatrixDiagPartOp, DoS risk | 7.1 | Aug 12, 2021 |

Showing 251–275 of 434

Frequently asked questions

What is TensorFlow?

TensorFlow is an AI/ML library tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does TensorFlow have?

TensorFlow has 434 known CVEs, 17 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is TensorFlow distributed in?

TensorFlow is distributed via the pip ecosystem and categorized under ML libraries.

Where does the TensorFlow vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of TensorFlow?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
