TensorFlow Vulnerabilities

pip ML Libraries

AI Threat Alert tracks 434 known vulnerabilities in TensorFlow, an AI/ML library in the pip ecosystem; 17 are rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 67
Total CVEs: 434
Critical: 17
Ecosystem: pip
Last CVE: Sep 25, 2025
Patch Rate: 4%
Avg Time to Patch: 1372d
195,966 stars 75,187 forks 3,249 issues 3,706 dependents Last push Jun 28, 2026
OpenSSF Scorecard 7.2/10

Known Vulnerabilities (434 total, page 3 of 18)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2022-41880 | TensorFlow: heap OOB read in candidate sampler op | 9.1 | Nov 18, 2022 |
| HIGH | CVE-2022-41883 | TensorFlow: executor crash via malformed op inputs (DoS) | 7.5 | Nov 18, 2022 |
| HIGH | CVE-2022-36027 | TensorFlow: DoS crash in transposed conv quantization | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36017 | TensorFlow: DoS via malformed Requantize tensors | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36016 | TensorFlow: CHECK-fail assertion crashes model serving | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36015 | TensorFlow: integer overflow in RangeSize causes DoS | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36014 | TensorFlow: null ptr dereference in MLIR causes remote DoS | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36013 | TensorFlow MLIR: null ptr deref crashes model serving | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36012 | TensorFlow: DoS via empty MLIR function attributes | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36011 | TensorFlow: null deref DoS in MLIR function conversion | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36005 | TensorFlow: DoS via CHECK fail in fake_quant gradient | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36004 | TensorFlow: DoS via tf.random.gamma CHECK assertion | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36003 | TensorFlow: DoS via RandomPoissonV2 large input | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36002 | TensorFlow: DoS via Unbatch assertion failure | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36001 | TensorFlow: DoS via type confusion in DrawBoundingBoxes | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-36000 | TensorFlow: null deref crashes MLIR graph conversion | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35999 | TensorFlow: DoS via empty Conv2DBackpropInput tensors | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35998 | TensorFlow: DoS via EmptyTensorList CHECK fail | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35997 | TensorFlow: CHECK-fail DoS in tf.sparse.cross op | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35996 | TensorFlow: Conv2D DoS via empty input tensor | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35995 | TensorFlow: DoS via AudioSummaryV2 CHECK failure | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35994 | TensorFlow: CollectiveGather assertion DoS via scalar | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35993 | TensorFlow: DoS via malformed SetSize tensor shape | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35992 | TensorFlow: DoS via malformed TensorList element shape | 7.5 | Sep 16, 2022 |
| HIGH | CVE-2022-35991 | TensorFlow: DoS via TensorListScatter CHECK fail | 7.5 | Sep 16, 2022 |

Showing 51–75 of 434

Frequently asked questions

What is TensorFlow?

TensorFlow is an AI/ML library in the pip ecosystem that AI Threat Alert tracks for security vulnerabilities.

How many known vulnerabilities does TensorFlow have?

TensorFlow has 434 known CVEs, 17 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is TensorFlow distributed in?

TensorFlow is distributed via the pip ecosystem and categorized under ML libraries.

Where does the TensorFlow vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of TensorFlow?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
