TensorFlow Vulnerabilities

pip ML Libraries

AI Threat Alert tracks 434 known vulnerabilities in TensorFlow, 17 rated critical — an AI/ML ml libraries in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
67
Risk Score
434
Total CVEs
17
Critical
pip
Ecosystem
Sep 25, 2025
Last CVE
4%
Patch Rate
1372d
Avg Time to Patch
195,966 stars 75,187 forks 3,249 issues 3,706 dependents Last push Jun 28, 2026
View on GitHub
OpenSSF Scorecard 7.2/10

Known Vulnerabilities (434 total, page 9 of 18)

Severity CVE ID Summary CVSS Published
MEDIUM CVE-2021-41209 TensorFlow: DoS via division-by-zero in conv ops 5.5 Nov 5, 2021 HIGH CVE-2021-41208 TensorFlow: heap R/W + DoS in boosted trees APIs 7.8 Nov 5, 2021 MEDIUM CVE-2021-41207 TensorFlow: ParallelConcat div-by-zero crashes ML process 5.5 Nov 5, 2021 HIGH CVE-2021-41206 TensorFlow: missing shape validation allows heap R/W 7.8 Nov 5, 2021 MEDIUM CVE-2021-41202 TensorFlow tf.range: integer overflow in kernel causes DoS 5.5 Nov 5, 2021 HIGH CVE-2021-41226 TensorFlow: heap OOB in SparseBinCount, crash/disclosure 7.1 Nov 5, 2021 HIGH CVE-2021-41224 TensorFlow: heap OOB read in SparseFillEmptyRows op 7.1 Nov 5, 2021 HIGH CVE-2021-41223 TensorFlow: FusedBatchNorm heap OOB allows data leak/crash 7.1 Nov 5, 2021 HIGH CVE-2021-41219 TensorFlow: heap OOB in sparse matrix multiply 7.8 Nov 5, 2021 MEDIUM CVE-2021-41217 TensorFlow: null pointer crash in control flow graph 5.5 Nov 5, 2021 MEDIUM CVE-2021-41215 TensorFlow: DeserializeSparse null deref causes DoS 5.5 Nov 5, 2021 HIGH CVE-2021-41214 TensorFlow: null deref in ragged ops, local RCE 7.8 Nov 5, 2021 HIGH CVE-2021-41212 TensorFlow: heap OOB read in ragged.cross shape inference 7.1 Nov 5, 2021 HIGH CVE-2021-41211 TensorFlow: heap OOB read in QuantizeV2 shape inference 7.1 Nov 5, 2021 HIGH CVE-2021-41205 TensorFlow: heap OOB read in quantize ops, DoS+leak 7.1 Nov 5, 2021 MEDIUM CVE-2021-41204 TensorFlow: DoS via Grappler constant folding segfault 5.5 Nov 5, 2021 HIGH CVE-2021-41203 TensorFlow: malformed checkpoint triggers overflow/crash 7.8 Nov 5, 2021 HIGH CVE-2021-41210 TensorFlow: heap OOB read in SparseCountSparseOutput 7.1 Nov 5, 2021 HIGH CVE-2021-41201 TensorFlow: uninitialized var in Einsum allows local RCE 7.8 Nov 5, 2021 MEDIUM CVE-2021-41200 TensorFlow: DoS crash in tf.summary file writer 5.5 Nov 5, 2021 MEDIUM CVE-2021-41199 TensorFlow: tf.image.resize integer overflow DoS 5.5 Nov 5, 2021 MEDIUM CVE-2021-41198 TensorFlow: tf.tile integer overflow crashes ML process 5.5 Nov 5, 2021 MEDIUM CVE-2021-41197 TensorFlow: integer overflow in tensor dims causes DoS 5.5 Nov 5, 2021 MEDIUM CVE-2021-41196 TensorFlow: integer underflow crashes Keras pooling layers 5.5 Nov 5, 2021 MEDIUM CVE-2021-41195 TensorFlow: integer overflow in segment ops causes DoS 5.5 Nov 5, 2021

Showing 201–225 of 434

Frequently asked questions

What is TensorFlow?

TensorFlow is an AI/ML ml libraries tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does TensorFlow have?

TensorFlow has 434 known CVEs, 17 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is TensorFlow distributed in?

TensorFlow is distributed via the pip ecosystem and categorized as ml libraries.

Where does the TensorFlow vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of TensorFlow?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor TensorFlow in your stack

Get instant alerts when new vulnerabilities affect TensorFlow. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring