TensorFlow Vulnerabilities

pip ML Libraries

AI Threat Alert tracks 434 known vulnerabilities in TensorFlow, 17 rated critical — an AI/ML ml libraries in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
67
Risk Score
434
Total CVEs
17
Critical
pip
Ecosystem
Sep 25, 2025
Last CVE
4%
Patch Rate
1372d
Avg Time to Patch
195,966 stars 75,187 forks 3,249 issues 3,706 dependents Last push Jun 28, 2026
View on GitHub
OpenSSF Scorecard 7.2/10

Known Vulnerabilities (434 total, page 14 of 18)

Severity CVE ID Summary CVSS Published
HIGH CVE-2021-29578 TensorFlow: heap buffer overflow in FractionalAvgPoolGrad 7.8 May 14, 2021 HIGH CVE-2021-29577 TensorFlow: heap overflow in AvgPool3DGrad op 7.8 May 14, 2021 HIGH CVE-2021-29576 TensorFlow: heap buffer overflow in MaxPool3DGradGrad op 7.8 May 14, 2021 MEDIUM CVE-2021-29575 TensorFlow: stack overflow DoS in ReverseSequence op 5.5 May 14, 2021 HIGH CVE-2021-29574 TensorFlow: null ptr deref in MaxPool3DGradGrad ops 7.8 May 14, 2021 MEDIUM CVE-2021-29573 TensorFlow: div-by-zero in MaxPoolGrad op causes DoS 5.5 May 14, 2021 MEDIUM CVE-2021-29572 TensorFlow: null ptr deref crashes SdcaOptimizer op 5.5 May 14, 2021 HIGH CVE-2021-29571 TensorFlow: heap OOB write via crafted bounding box op 7.8 May 14, 2021 HIGH CVE-2021-29570 TensorFlow: OOB read in MaxPoolGradWithArgmax op 7.1 May 14, 2021 HIGH CVE-2021-29569 TensorFlow: OOB heap read in MaxPoolGradWithArgmax op 7.1 May 14, 2021 HIGH CVE-2021-29568 TensorFlow: null deref in ParameterizedTruncatedNormal op 7.8 May 14, 2021 MEDIUM CVE-2021-29567 TensorFlow: DoS via SparseDenseCwiseMul OOB 5.5 May 14, 2021 HIGH CVE-2021-29566 TensorFlow: heap OOB write in Dilation2D training op 7.8 May 14, 2021 MEDIUM CVE-2021-29565 TensorFlow: null ptr dereference crashes sparse ops 5.5 May 14, 2021 MEDIUM CVE-2021-29564 TensorFlow: null ptr deref DoS in EditDistance op 5.5 May 14, 2021 MEDIUM CVE-2021-29563 TensorFlow: DoS via RFFT empty matrix assertion crash 5.5 May 14, 2021 MEDIUM CVE-2021-29562 TensorFlow: assertion failure DoS in IRFFT op 5.5 May 14, 2021 MEDIUM CVE-2021-29561 TensorFlow: DoS via malformed LoadAndRemapMatrix input 5.5 May 14, 2021 HIGH CVE-2021-29560 TensorFlow: heap OOB in RaggedTensorToTensor op 7.1 May 14, 2021 HIGH CVE-2021-29559 TensorFlow: heap OOB read in UnicodeEncode leaks memory 7.1 May 14, 2021 HIGH CVE-2021-29558 TensorFlow: heap buffer overflow in SparseSplit op 7.8 May 14, 2021 MEDIUM CVE-2021-29557 TensorFlow: FPE in SparseMatMul causes process DoS 5.5 May 14, 2021 MEDIUM CVE-2021-29556 TensorFlow: DoS via divide-by-zero in Reverse op 5.5 May 14, 2021 MEDIUM CVE-2021-29555 TensorFlow: FusedBatchNorm divide-by-zero crashes ML jobs 5.5 May 14, 2021 HIGH CVE-2021-29553 TensorFlow: heap OOB read via malicious axis in quant op 7.1 May 14, 2021

Showing 326–350 of 434

Frequently asked questions

What is TensorFlow?

TensorFlow is an AI/ML ml libraries tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does TensorFlow have?

TensorFlow has 434 known CVEs, 17 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is TensorFlow distributed in?

TensorFlow is distributed via the pip ecosystem and categorized as ml libraries.

Where does the TensorFlow vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of TensorFlow?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor TensorFlow in your stack

Get instant alerts when new vulnerabilities affect TensorFlow. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring