AI Threat Alert
ATLAS Landscape
AML.T0029
Denial of AI Service
Adversaries may target AI-enabled systems with a flood of requests for the purpose of degrading or shutting down the service. Since many AI systems require significant amounts of specialized compute, they are often expensive bottlenecks that can become overloaded. Adversaries can intentionally craft inputs that require heavy amounts of useless compute from the AI system.
473 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-33660 | TensorFlow: type confusion NPD in tensor conversion | n8n | 10.0 |
| CRITICAL | CVE-2025-63389 | ollama: Missing Auth allows unauthenticated access | ollama | 9.8 |
| CRITICAL | CVE-2022-35939 | TensorFlow: ScatterNd OOB write enables RCE/crash | tensorflow | 9.8 |
| CRITICAL | CVE-2022-41900 | TensorFlow: heap OOB RCE in FractionalMaxPool op | tensorflow | 9.8 |
| CRITICAL | CVE-2026-44211 | cline: WebSocket auth bypass enables terminal RCE | 9.6 | |
| CRITICAL | CVE-2026-42048 | Langflow: path traversal allows arbitrary directory deletion | langflow | 9.6 |
| CRITICAL | CVE-2022-41902 | TensorFlow Grappler: OOB read/crash via crafted model | tensorflow | 9.1 |
| CRITICAL | CVE-2026-0545 | MLflow: auth bypass in job API enables unauthenticated RCE | mlflow | 9.1 |
| CRITICAL | CVE-2022-35937 | TensorFlow: GatherNd OOB read crashes inference servers | tensorflow | 9.1 |
| CRITICAL | CVE-2022-35938 | TensorFlow: OOB read in GatherNd causes crash/data leak | tensorflow | 9.1 |
| HIGH | GHSA-mcmc-2m55-j8jj | vllm: Input Validation flaw enables exploitation | vllm | 8.8 |
| HIGH | CVE-2025-62164 | vllm: Input Validation flaw enables exploitation | vllm | 8.8 |
| HIGH | CVE-2022-23562 | TensorFlow: Range integer overflow, RCE/DoS risk | tensorflow | 8.8 |
| HIGH | CVE-2026-33053 | langflow: IDOR enables unauthorized data access | langflow | 8.8 |
| HIGH | CVE-2022-21740 | TensorFlow: heap overflow in sparse ops, RCE risk | tensorflow | 8.8 |
| HIGH | CVE-2025-5302 | llama-index: JSON parsing DoS via deep recursion | llama-index-core | 8.6 |
| HIGH | CVE-2026-1117 | lollms: Access Control bypass enables privilege escalation | lollms | 8.2 |
| HIGH | GHSA-75hx-xj24-mqrw | n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon | n8n-mcp | 8.2 |
| HIGH | CVE-2024-35199 | TorchServe: default gRPC exposure allows unauth inference | torchserve | 8.2 |
| HIGH | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | ollama | 8.2 |
| HIGH | CVE-2024-10648 | Gradio: path traversal enables arbitrary file deletion DoS | gradio | 8.2 |
| HIGH | CVE-2025-30358 | Mesop: class pollution enables DoS and LLM jailbreak | 8.1 | |
| HIGH | CVE-2022-21730 | TensorFlow: OOB read leaks heap memory, enables DoS | tensorflow | 8.1 |
| HIGH | CVE-2022-21728 | TensorFlow: heap OOB read in ReverseSequence op | tensorflow | 8.1 |
| HIGH | CVE-2021-29525 | TensorFlow: div-by-zero DoS in Conv2DBackpropInput | tensorflow | 7.8 |
| HIGH | CVE-2021-29591 | TFLite: crafted model causes infinite loop / stack overflow | tensorflow | 7.8 |
| HIGH | CVE-2021-29530 | TensorFlow: null ptr deref in sparse Cholesky ops | tensorflow | 7.8 |
| HIGH | CVE-2021-29568 | TensorFlow: null deref in ParameterizedTruncatedNormal op | tensorflow | 7.8 |
| HIGH | CVE-2021-29513 | TensorFlow: type confusion → null ptr deref (CVSS 7.8) | tensorflow | 7.8 |
| HIGH | CVE-2021-29585 | TensorFlow TFLite: divide-by-zero crashes ML inference | tensorflow | 7.8 |
| HIGH | CVE-2021-37663 | TensorFlow: QuantizeV2 heap OOB/null-deref in quantization | tensorflow | 7.8 |
| HIGH | CVE-2021-29574 | TensorFlow: null ptr deref in MaxPool3DGradGrad ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37676 | TensorFlow: null ptr deref in SparseFillEmptyRows op | tensorflow | 7.8 |
| HIGH | CVE-2021-29586 | TFLite: div-by-zero in pooling crashes inference engine | tensorflow | 7.8 |
| HIGH | CVE-2021-29515 | TensorFlow: NULL ptr deref in MatrixDiag ops (crash/RCE) | tensorflow | 7.8 |
| HIGH | CVE-2021-29589 | TFLite GatherNd: divide-by-zero crashes inference runtime | tensorflow | 7.8 |
| HIGH | CVE-2021-37681 | TensorFlow Lite: null ptr deref crashes SVDF inference | tensorflow | 7.8 |
| HIGH | CVE-2021-37657 | TensorFlow: null ptr deref in MatrixDiagV ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37658 | TensorFlow: null ptr deref in MatrixSetDiagV ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37671 | TensorFlow: null-ptr deref in Map ops, local C/I/A:High | tensorflow | 7.8 |
| HIGH | CVE-2021-29597 | TensorFlow TFLite: div-by-zero crash via crafted model | tensorflow | 7.8 |
| HIGH | CVE-2021-37638 | TensorFlow: null ptr deref in RaggedTensorToTensor op | tensorflow | 7.8 |
| HIGH | CVE-2021-37650 | TensorFlow: heap overflow in DatasetToTFRecord ops | tensorflow | 7.8 |
| HIGH | CVE-2021-41208 | TensorFlow: heap R/W + DoS in boosted trees APIs | tensorflow | 7.8 |
| HIGH | CVE-2021-29614 | TensorFlow: OOB write in decode_raw crashes interpreter | tensorflow | 7.8 |
| HIGH | CVE-2024-10569 | Gradio: zip bomb DoS via dataframe CSV upload | gradio | 7.5 |
| HIGH | CVE-2025-62609 | mlx: security flaw enables exploitation | mlx | 7.5 |
| HIGH | CVE-2026-26209 | 7.5 | ||
| HIGH | CVE-2026-32701 | 7.5 | ||
| HIGH | CVE-2026-0599 | text-generation: DoS causes service disruption | 7.5 | |
| HIGH | CVE-2025-66960 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66959 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2026-23490 | 7.5 | ||
| HIGH | CVE-2025-15514 | ollama: security flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2024-58340 | langchain: security flaw enables exploitation | langchain | 7.5 |
| HIGH | CVE-2024-58339 | llamaindex: Resource Exhaustion enables DoS | llamaindex | 7.5 |
| HIGH | CVE-2026-22773 | vllm: Resource Exhaustion enables DoS | vllm | 7.5 |
| HIGH | CVE-2025-66786 | OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface | oai-cn5g-amf | 7.5 |
| HIGH | CVE-2025-65805 | OAI CN5G AMF: Unauthenticated buffer overflow, RCE/DoS | oai-cn5g-amf | 7.5 |
| HIGH | CVE-2026-0621 | mcp_typescript_sdk: security flaw enables exploitation | 7.5 | |
| HIGH | CVE-2025-55560 | PyTorch: DoS via sparse/dense tensor Inductor compile | pytorch | 7.5 |
| HIGH | CVE-2025-55559 | TensorFlow: DoS via Conv2D valid padding crash | tensorflow | 7.5 |
| HIGH | CVE-2025-55558 | PyTorch: Inductor compiler buffer overflow causes DoS | pytorch | 7.5 |
| HIGH | CVE-2025-55557 | PyTorch: DoS via cummin+Inductor NameError in 2.7.0 | pytorch | 7.5 |
| HIGH | CVE-2025-55553 | PyTorch 2.7.0: DoS via proxy_tensor.py syntax error | pytorch | 7.5 |
| HIGH | CVE-2025-55552 | PyTorch: integer overflow in rot90+randn_like causes DoS | pytorch | 7.5 |
| HIGH | CVE-2025-55551 | PyTorch: DoS in linalg.lu via malformed slice op | pytorch | 7.5 |
| HIGH | CVE-2025-6921 | Transformers: ReDoS in optimizer halts training pipelines | transformers | 7.5 |
| HIGH | CVE-2025-6638 | HuggingFace Transformers: ReDoS in MarianTokenizer | transformers | 7.5 |
| HIGH | CVE-2025-57809 | xgrammar: uncontrolled recursion in grammar parsing causes DoS | xgrammar | 7.5 |
| HIGH | CVE-2025-48956 | vLLM: unauthenticated DoS via oversized HTTP header | vllm | 7.5 |
| HIGH | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | llama-index-readers-papers | 7.5 |
| HIGH | CVE-2025-3262 | Transformers: ReDoS in chat.py causes CPU exhaustion | transformers | 7.5 |
| HIGH | CVE-2025-48889 | Gradio: unauthenticated file copy enables disk DoS | gradio | 7.5 |
| HIGH | CVE-2025-2099 | transformers: ReDoS in testing_utils causes DoS | transformers | 7.5 |
| HIGH | CVE-2025-1752 | llama_index: DoS via uncapped recursion in web reader | llama-index | 7.5 |
| HIGH | CVE-2025-0649 | TensorFlow Serving: JSON recursion DoS on inference API | tensorflow_serving | 7.5 |
| HIGH | CVE-2025-46560 | vLLM: DoS via quadratic multimodal tokenizer input | vllm | 7.5 |
| HIGH | CVE-2025-30202 | vLLM: ZeroMQ socket exposure enables DoS in multi-node | vllm | 7.5 |
| HIGH | GHSA-5ccf-884p-4jjq | open-webui: DoS via unauthenticated multipart parsing | open-webui | 7.5 |
| HIGH | CVE-2024-8984 | litellm: unauthenticated DoS via multipart boundary parsing | litellm | 7.5 |
| HIGH | CVE-2024-8020 | pytorch-lightning: unauthenticated DoS crashes LightningApp | pytorch-lightning | 7.5 |
| HIGH | CVE-2024-8053 | Open-WebUI: unauthenticated PDF endpoint enables DoS | open-webui | 7.5 |
| HIGH | CVE-2024-7983 | open-webui: unauthenticated DoS via markdown parser | open-webui | 7.5 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML: DoS via multipart boundary in Gradio login | bentoml | 7.5 |
| HIGH | CVE-2024-12534 | open-webui: unauthenticated DoS via login payload flood | open-webui | 7.5 |
| HIGH | CVE-2024-12537 | Open-WebUI: unauthenticated DoS via code formatter | open-webui | 7.5 |
| HIGH | CVE-2024-10572 | H2O-3: unauthenticated AST parser enables DoS + file write | 7.5 | |
| HIGH | CVE-2025-0453 | MLflow: GraphQL DoS disables ML tracking server | mlflow | 7.5 |
| HIGH | CVE-2025-0317 | Ollama: DoS via malicious GGUF model file upload | ollama | 7.5 |
| HIGH | CVE-2025-0315 | Ollama: GGUF model upload causes memory exhaustion DoS | ollama | 7.5 |
| HIGH | CVE-2025-0312 | Ollama: null pointer DoS via malicious GGUF model upload | ollama | 7.5 |
| HIGH | CVE-2024-9056 | BentoML: DoS via multipart boundary exhausts server | bentoml | 7.5 |
| HIGH | GHSA-6wj5-5pgr-jwq8 | open-webui: DoS via malformed multipart boundary | open-webui | 7.5 |
| HIGH | CVE-2024-7036 | open-webui: unauthenticated DoS disables Admin panel | open-webui | 7.5 |
| HIGH | CVE-2024-8966 | Gradio: DoS via malformed multipart boundary | video | 7.5 |
| HIGH | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | ollama | 7.5 |
| HIGH | GHSA-w466-2wfc-8g58 | open-webui: DoS via starlette memory exhaustion | open-webui | 7.5 |
| HIGH | CVE-2024-12720 | Transformers: ReDoS in Nougat tokenizer causes DoS | transformers | 7.5 |
| HIGH | CVE-2024-12704 | llama-index: DoS via infinite loop in LangChain LLM | llamaindex | 7.5 |
| HIGH | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | ollama | 7.5 |
| HIGH | CVE-2024-10624 | Gradio: ReDoS in DateTime causes CPU exhaustion DoS | gradio | 7.5 |
| HIGH | CVE-2024-10188 | litellm: unauthenticated DoS crashes LLM proxy server | litellm | 7.5 |
| HIGH | CVE-2024-39721 | Ollama: DoS via /dev/random causes goroutine exhaustion | ollama | 7.5 |
| HIGH | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | |
| HIGH | CVE-2024-8768 | vLLM: unauthenticated DoS via empty completion prompt | 7.5 | |
| HIGH | CVE-2023-33976 | TensorFlow: DoS via upper_bound rank validation crash | tensorflow | 7.5 |
| HIGH | CVE-2023-27579 | TensorFlow Lite: FPE in tflite model crashes inference runtime | tensorflow | 7.5 |
| HIGH | CVE-2023-25676 | TensorFlow: NULL ptr deref DoS in ParallelConcat op | tensorflow | 7.5 |
| HIGH | CVE-2023-25675 | TensorFlow XLA: Bincount shape mismatch causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25674 | TensorFlow: null pointer DoS in RandomShuffle (XLA) | tensorflow | 7.5 |
| HIGH | CVE-2023-25673 | TensorFlow: FPE in TensorListSplit (XLA) remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25672 | TensorFlow: NPE in LookupTableImportV2 causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25671 | TensorFlow: OOB write DoS via integer type mismatch | tensorflow | 7.5 |
| HIGH | CVE-2023-25670 | TensorFlow: null ptr DoS in quantized MKL MatMul | tensorflow | 7.5 |
| HIGH | CVE-2023-25669 | TensorFlow: DoS via AvgPoolGrad invalid stride params | tensorflow | 7.5 |
| HIGH | CVE-2023-25667 | TensorFlow: integer overflow DoS in video frame decoding | tensorflow | 7.5 |
| HIGH | CVE-2023-25666 | TensorFlow: FPE in AudioSpectrogram causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25665 | TensorFlow: null ptr deref DoS via sparse tensors | tensorflow | 7.5 |
| HIGH | CVE-2023-25663 | TensorFlow: null ptr deref crashes inference serving | tensorflow | 7.5 |
| HIGH | CVE-2023-25662 | TensorFlow: integer overflow in EditDistance causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25660 | TensorFlow: null ptr deref in Print op allows remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25659 | TensorFlow: OOB read in DynamicStitch enables DoS | tensorflow | 7.5 |
| HIGH | CVE-2023-25658 | TensorFlow: OOB read in GRUBlockCellGrad causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41911 | TensorFlow: type confusion DoS via bool cast in tensors | tensorflow | 7.5 |
| HIGH | CVE-2022-41909 | TensorFlow: remote DoS via malformed tensor input | tensorflow | 7.5 |
| HIGH | CVE-2022-41908 | TensorFlow: DoS via invalid UTF-8 input to PyFunc op | tensorflow | 7.5 |
| HIGH | CVE-2022-41907 | TensorFlow: integer overflow in ResizeNearestNeighborGrad → DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41901 | TensorFlow: DoS via SparseMatrixNNZ CHECK assertion fail | tensorflow | 7.5 |
| HIGH | CVE-2022-41889 | TensorFlow: NULL ptr deref DoS via quantized tensor input | tensorflow | 7.5 |
| HIGH | CVE-2022-41899 | TensorFlow: SdcaOptimizer DoS via malformed tensor rank | tensorflow | 7.5 |
| HIGH | CVE-2022-41898 | TensorFlow: DoS crash via empty SparseFillEmptyRowsGrad inputs | tensorflow | 7.5 |
| HIGH | CVE-2022-41897 | TensorFlow: OOB read in FractionMaxPoolGrad causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41896 | TensorFlow: DoS via oversized filterbank_channel_count | tensorflow | 7.5 |
| HIGH | CVE-2022-41895 | TensorFlow: heap OOB in MirrorPadGrad causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41893 | TensorFlow: DoS via TensorListResize malformed input | tensorflow | 7.5 |
| HIGH | CVE-2022-41891 | TensorFlow: segfault DoS in TensorListConcat op | tensorflow | 7.5 |
| HIGH | CVE-2022-41890 | TensorFlow: int32 overflow in BCast::ToShape causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41888 | TensorFlow: GPU input validation DoS in bbox proposals | tensorflow | 7.5 |
| HIGH | CVE-2022-41887 | TensorFlow: int32 overflow crashes Poisson loss function | tensorflow | 7.5 |
| HIGH | CVE-2022-41886 | TensorFlow: integer overflow in image op causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41885 | TensorFlow: FusedResizeAndPadConv2D overflow causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41884 | TensorFlow: DoS via malformed numpy array shape | tensorflow | 7.5 |
| HIGH | CVE-2022-41883 | TensorFlow: executor crash via malformed op inputs (DoS) | tensorflow | 7.5 |
| HIGH | CVE-2022-36027 | TensorFlow: DoS crash in transposed conv quantization | tensorflow | 7.5 |
| HIGH | CVE-2022-36017 | TensorFlow: DoS via malformed Requantize tensors | tensorflow | 7.5 |
| HIGH | CVE-2022-36016 | TensorFlow: CHECK-fail assertion crashes model serving | tensorflow | 7.5 |
| HIGH | CVE-2022-36015 | TensorFlow: integer overflow in RangeSize causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-36014 | TensorFlow: null ptr dereference in MLIR causes remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-36013 | TensorFlow MLIR: null ptr deref crashes model serving | tensorflow | 7.5 |
| HIGH | CVE-2022-36012 | TensorFlow: DoS via empty MLIR function attributes | tensorflow | 7.5 |
| HIGH | CVE-2022-36011 | TensorFlow: null deref DoS in MLIR function conversion | tensorflow | 7.5 |
| HIGH | CVE-2022-36005 | TensorFlow: DoS via CHECK fail in fake_quant gradient | tensorflow | 7.5 |
| HIGH | CVE-2022-36004 | TensorFlow: DoS via tf.random.gamma CHECK assertion | tensorflow | 7.5 |
| HIGH | CVE-2022-36003 | TensorFlow: DoS via RandomPoissonV2 large input | tensorflow | 7.5 |
| HIGH | CVE-2022-36002 | TensorFlow: DoS via Unbatch assertion failure | tensorflow | 7.5 |
| HIGH | CVE-2022-36001 | TensorFlow: DoS via type confusion in DrawBoundingBoxes | tensorflow | 7.5 |
| HIGH | CVE-2022-36000 | TensorFlow: null deref crashes MLIR graph conversion | tensorflow | 7.5 |
| HIGH | CVE-2022-35999 | TensorFlow: DoS via empty Conv2DBackpropInput tensors | tensorflow | 7.5 |
| HIGH | CVE-2022-35998 | TensorFlow: DoS via EmptyTensorList CHECK fail | tensorflow | 7.5 |
| HIGH | CVE-2022-35997 | TensorFlow: CHECK-fail DoS in tf.sparse.cross op | tensorflow | 7.5 |
| HIGH | CVE-2022-35996 | TensorFlow: Conv2D DoS via empty input tensor | tensorflow | 7.5 |
| HIGH | CVE-2022-35995 | TensorFlow: DoS via AudioSummaryV2 CHECK failure | tensorflow | 7.5 |
| HIGH | CVE-2022-35994 | TensorFlow: CollectiveGather assertion DoS via scalar | tensorflow | 7.5 |
| HIGH | CVE-2022-35993 | TensorFlow: DoS via malformed SetSize tensor shape | tensorflow | 7.5 |
| HIGH | CVE-2022-35992 | TensorFlow: DoS via malformed TensorList element shape | tensorflow | 7.5 |
| HIGH | CVE-2022-35991 | TensorFlow: DoS via TensorListScatter CHECK fail | tensorflow | 7.5 |
| HIGH | CVE-2022-36026 | TensorFlow: DoS via QuantizeAndDequantizeV3 CHECK fail | tensorflow | 7.5 |
| HIGH | CVE-2022-36019 | TensorFlow: DoS via FakeQuant tensor rank mismatch | tensorflow | 7.5 |
| HIGH | CVE-2022-36018 | TensorFlow: RaggedTensor CHECK fail remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-35990 | TensorFlow: DoS via quantization gradient rank check | tensorflow | 7.5 |
| HIGH | CVE-2022-35989 | TensorFlow: MaxPool GPU kernel DoS via oversized ksize | tensorflow | 7.5 |
| HIGH | CVE-2022-35988 | TensorFlow: GPU DoS via empty input to matrix_rank op | tensorflow | 7.5 |
| HIGH | CVE-2022-35987 | TensorFlow: DoS via DenseBincount shape mismatch | tensorflow | 7.5 |
| HIGH | CVE-2022-35986 | TensorFlow: RaggedBincount DoS crashes inference server | tensorflow | 7.5 |
| HIGH | CVE-2022-35985 | TensorFlow: DoS via malformed LRNGrad tensor input | tensorflow | 7.5 |
| HIGH | CVE-2022-35984 | TensorFlow: int64 type mismatch triggers remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-35983 | TensorFlow: DoS via Save/SaveSlices dtype CHECK fail | tensorflow | 7.5 |
| HIGH | CVE-2022-35982 | TensorFlow: DoS via invalid SparseBincount input | tensorflow | 7.5 |
| HIGH | CVE-2022-35981 | TensorFlow: DoS via FractionalMaxPoolGrad assertion | tensorflow | 7.5 |
| HIGH | CVE-2022-35979 | TensorFlow: DoS via nonscalar input in QuantizedRelu | tensorflow | 7.5 |
| HIGH | CVE-2022-35974 | TensorFlow: DoS via nonscalar quantization op input | tensorflow | 7.5 |
| HIGH | CVE-2022-35973 | TensorFlow: DoS via QuantizedMatMul input validation | tensorflow | 7.5 |
| HIGH | CVE-2022-35972 | TensorFlow: DoS via QuantizedBiasAdd rank validation | tensorflow | 7.5 |
| HIGH | CVE-2022-35971 | TensorFlow: DoS via invalid quantization tensor rank | tensorflow | 7.5 |
| HIGH | CVE-2022-35970 | TensorFlow: DoS via malformed QuantizedInstanceNorm tensors | tensorflow | 7.5 |
| HIGH | CVE-2022-35969 | TensorFlow: DoS via malformed Conv2DBackpropInput | tensorflow | 7.5 |
| HIGH | CVE-2022-35968 | TensorFlow: DoS via AvgPoolGrad shape validation failure | tensorflow | 7.5 |
| HIGH | CVE-2022-35967 | TensorFlow: DoS via QuantizedAdd tensor rank flaw | tensorflow | 7.5 |
| HIGH | CVE-2022-35966 | TensorFlow: DoS via QuantizedAvgPool input validation | tensorflow | 7.5 |
| HIGH | CVE-2022-35965 | TensorFlow: NULL deref DoS via empty tensor input | tensorflow | 7.5 |
| HIGH | CVE-2022-35964 | TensorFlow: remote DoS via BlockLSTMGradV2 validation | tensorflow | 7.5 |
| HIGH | CVE-2022-35963 | TensorFlow: DoS via FractionalAvgPoolGrad overflow | tensorflow | 7.5 |
| HIGH | CVE-2022-35960 | TensorFlow: DoS via malformed TensorListReserve input | tensorflow | 7.5 |
| HIGH | CVE-2022-35959 | TensorFlow: DoS via AvgPool3DGradOp input overflow | tensorflow | 7.5 |
| HIGH | CVE-2022-35952 | TensorFlow: DoS via UnbatchGradOp assertion crash | tensorflow | 7.5 |
| HIGH | CVE-2022-35941 | TensorFlow: DoS via negative ksize in AvgPoolOp | tensorflow | 7.5 |
| HIGH | CVE-2022-35940 | TensorFlow: integer overflow in RaggedRangeOp crashes service | tensorflow | 7.5 |
| HIGH | CVE-2022-35935 | TensorFlow: DoS via SobolSample CHECK-failure | tensorflow | 7.5 |
| HIGH | CVE-2022-35934 | TensorFlow: tf.reshape DoS via integer overflow | tensorflow | 7.5 |
| HIGH | CVE-2022-0736 | MLflow: insecure temp file handling causes DoS | mlflow | 7.5 |
| HIGH | CVE-2022-23593 | TensorFlow MLIR-TFRT: DoS via scalar shape segfault | tensorflow | 7.5 |
| HIGH | CVE-2022-23591 | TensorFlow: SavedModel stack overflow via recursive GraphDef | tensorflow | 7.5 |
| HIGH | CVE-2022-23590 | TensorFlow: DoS via malicious SavedModel GraphDef | tensorflow | 7.5 |
| HIGH | CVE-2020-15266 | TensorFlow: NaN-triggered DoS in crop_and_resize op | tensorflow | 7.5 |
| HIGH | CVE-2020-26269 | TensorFlow: OOB read in glob path matching causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2020-28975 | scikit-learn: DoS via crafted SVM model deserialization | scikit-learn | 7.5 |
| HIGH | CVE-2020-15265 | TensorFlow: OOB read DoS via invalid quantize axis | tensorflow | 7.5 |
| HIGH | CVE-2020-15206 | TensorFlow: SavedModel protobuf DoS in inference serving | tensorflow | 7.5 |
| HIGH | CVE-2020-15203 | TensorFlow: format string DoS in strings.as_string | tensorflow | 7.5 |
| HIGH | CVE-2020-5215 | TensorFlow: type confusion DoS crashes eager mode inference | tensorflow | 7.5 |
| HIGH | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | praisonai | 7.5 |
| HIGH | CVE-2026-41680 | marked: infinite recursion DoS crashes Node.js via OOM | marked | 7.5 |
| HIGH | CVE-2025-7707 | llama-index: world-writable NLTK dir allows local tampering | llama-index | 7.1 |
| HIGH | CVE-2021-29570 | TensorFlow: OOB read in MaxPoolGradWithArgmax op | tensorflow | 7.1 |
| HIGH | CVE-2021-37643 | TensorFlow: null deref in MatrixDiagPartOp, DoS risk | tensorflow | 7.1 |
| HIGH | CVE-2021-37641 | TensorFlow: RaggedGather OOB read - heap leak + DoS | tensorflow | 7.1 |
| HIGH | CVE-2024-12911 | llama-index: SQLi+DoS via prompt injection in query engine | llamaindex | 7.1 |
| HIGH | CVE-2021-37654 | TensorFlow: OOB read/crash via ResourceGather batch_dims | tensorflow | 7.1 |
| HIGH | CVE-2026-24779 | vllm: SSRF allows internal network access | vllm | 7.1 |
| HIGH | CVE-2021-37664 | TensorFlow: heap OOB read in BoostedTrees ops | tensorflow | 7.1 |
| HIGH | CVE-2022-29208 | TensorFlow: OOB write in EditDistance enables local DoS | tensorflow | 7.1 |
| HIGH | CVE-2021-41212 | TensorFlow: heap OOB read in ragged.cross shape inference | tensorflow | 7.1 |
| HIGH | CVE-2021-29613 | TensorFlow: CTCLoss heap OOB read, info leak + crash | tensorflow | 7.1 |
| HIGH | CVE-2021-41205 | TensorFlow: heap OOB read in quantize ops, DoS+leak | tensorflow | 7.1 |
| MEDIUM | CVE-2024-28224 | Ollama: DNS rebinding exposes LLM API to remote access | ollama | 6.6 |
| MEDIUM | CVE-2021-37690 | TensorFlow: use-after-free crashes training processes | tensorflow | 6.6 |
| MEDIUM | CVE-2025-44779 | Ollama: arbitrary file deletion via /api/pull | ollama | 6.6 |
| MEDIUM | CVE-2025-26265 | openairinterface5g: segfault enables DoS via crafted UE message | openairinterface5g | 6.5 |
| MEDIUM | CVE-2025-62372 | vllm: security flaw enables exploitation | vllm | 6.5 |
| MEDIUM | CVE-2022-23588 | TensorFlow: DoS via crafted SavedModel crashes Grappler | tensorflow | 6.5 |
| MEDIUM | CVE-2025-48887 | vLLM: ReDoS in tool parser causes service outage | vllm | 6.5 |
| MEDIUM | CVE-2022-23567 | TensorFlow: integer overflow DoS in sparse tensor ops | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21733 | TensorFlow: StringNGrams integer overflow enables OOM DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21732 | TensorFlow: ThreadPoolHandle DoS via memory exhaustion | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21731 | TensorFlow: ConcatV2 type confusion enables remote DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2025-48944 | vLLM: input validation DoS crashes inference worker | vllm | 6.5 |
| MEDIUM | CVE-2023-25661 | TensorFlow: DoS via malformed Convolution3D input | tensorflow | 6.5 |
| MEDIUM | CVE-2025-48943 | vLLM: ReDoS crashes inference server via malformed regex | vllm | 6.5 |
| MEDIUM | CVE-2026-44222 | vLLM: token injection DoS via multimodal placeholders | vllm | 6.5 |
| MEDIUM | CVE-2020-15210 | TensorFlow Lite: memory corruption via aliased tensors | tensorflow | 6.5 |
| MEDIUM | CVE-2026-44223 | vLLM: speculative decoding DoS via penalty params | vllm | 6.5 |
| MEDIUM | CVE-2025-62426 | vllm: Resource Exhaustion enables DoS | vllm | 6.5 |
| MEDIUM | CVE-2026-32889 | 6.5 | ||
| MEDIUM | CVE-2026-34755 | vLLM: OOM DoS via unbounded video frame decoding | vllm | 6.5 |
| MEDIUM | GHSA-vrqm-gvq7-rrwh | 6.5 | ||
| MEDIUM | CVE-2026-34756 | vLLM: DoS via unbounded n parameter causes OOM crash | vllm | 6.5 |
| MEDIUM | CVE-2022-21741 | TensorFlow Lite: DoS via crafted depthwise conv model | tensorflow | 6.5 |
| MEDIUM | CVE-2025-29770 | vLLM: DoS via unbounded grammar cache exhausts disk | vllm | 6.5 |
| MEDIUM | CVE-2022-21739 | TensorFlow: QuantizedMaxPool null ptr deref causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21738 | TensorFlow: integer overflow crashes process via sparse op | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21737 | TensorFlow: DoS via malformed Bincount arguments | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23569 | TensorFlow: DoS via reachable assertions in ML ops | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21735 | TensorFlow: DoS via FractionalMaxPool div-by-zero | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21734 | TensorFlow: DoS via MapStage non-scalar key crash | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21729 | TensorFlow: UnravelIndex integer overflow → DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21725 | TensorFlow: DoS via div-by-zero in conv cost estimator | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23568 | TensorFlow: integer overflow DoS in sparse tensor ops | tensorflow | 6.5 |
| MEDIUM | CVE-2022-21736 | TensorFlow: NULL deref DoS via SparseTensorSliceDataset | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23595 | TensorFlow XLA: null pointer dereference causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2025-1194 | transformers: ReDoS in GPT-NeoX Japanese tokenizer | transformers | 6.5 |
| MEDIUM | CVE-2025-48942 | vLLM: DoS via malformed JSON schema guided param | vllm | 6.5 |
| MEDIUM | CVE-2026-40148 | PraisonAI: decompression bomb causes disk exhaustion | PraisonAI | 6.5 |
| MEDIUM | GHSA-hf3c-wxg2-49q9 | vLLM: DoS via unbounded XGrammar schema cache | vllm | 6.5 |
| MEDIUM | CVE-2025-32381 | xgrammar: unbounded grammar cache causes LLM server DoS | xgrammar | 6.5 |
| MEDIUM | CVE-2022-23589 | TensorFlow Grappler: DoS via malicious SavedModel | tensorflow | 6.5 |
| MEDIUM | CVE-2025-61620 | vllm: DoS via Jinja template injection in chat API | vllm | 6.5 |
| MEDIUM | CVE-2022-23586 | TensorFlow: SavedModel DoS crashes Python interpreter | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23585 | TensorFlow: memory leak in PNG decode causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23584 | TensorFlow: use-after-free in PNG decode causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23583 | TensorFlow: SavedModel type confusion triggers DoS crash | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23582 | TensorFlow: SavedModel CHECK-fail causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23581 | TensorFlow: DoS via Grappler optimizer CHECK failure | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23580 | TensorFlow: uncontrolled allocation DoS in shape inference | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23579 | TensorFlow: DoS via Grappler optimizer CHECK failure | tensorflow | 6.5 |
| MEDIUM | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | langflow | 6.5 |
| MEDIUM | CVE-2022-23577 | TensorFlow: null pointer deref crashes model loader | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23576 | TensorFlow: integer overflow in cost estimator causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23575 | TensorFlow: integer overflow in cost estimator → DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23572 | TensorFlow: DoS via shape inference assertion failure | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23571 | TensorFlow: protobuf assertion DoS via invalid tensor dtype | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23570 | TensorFlow: null-deref DoS via malformed protobuf tensor | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23565 | TensorFlow: DoS via malicious SavedModel AttrDef duplication | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23564 | TensorFlow: DoS via reachable assertion in protobuf decode | tensorflow | 6.5 |
| MEDIUM | CVE-2025-5472 | llama-index: JSONReader DoS via recursive JSON parsing | llama-index-core | 6.5 |
| MEDIUM | CVE-2022-23557 | TensorFlow TFLite: DoS via divide-by-zero in BiasAndClamp | tensorflow | 6.5 |
| MEDIUM | CVE-2020-15197 | TensorFlow: DoS via malformed sparse tensor input | tensorflow | 6.3 |
| MEDIUM | CVE-2025-68146 | 6.3 | ||
| MEDIUM | CVE-2024-8939 | ilab/vllm: best_of param causes inference API DoS | 6.2 | |
| MEDIUM | CVE-2026-40115 | PraisonAI: unbounded body read enables local DoS | PraisonAI | 6.2 |
| MEDIUM | CVE-2024-12910 | llama-index: DoS via infinite recursion in web reader | llama-index | 5.9 |
| MEDIUM | CVE-2026-29772 | 5.9 | ||
| MEDIUM | CVE-2020-15209 | TensorFlow Lite: null ptr deref crashes model inference | tensorflow | 5.9 |
| MEDIUM | CVE-2024-1455 | LangChain: Billion Laughs XML expansion causes DoS | langchain | 5.9 |
| MEDIUM | CVE-2020-15199 | TensorFlow: DoS via malformed ragged tensor input | tensorflow | 5.9 |
| MEDIUM | CVE-2026-27482 | ray: Missing Auth allows unauthenticated access | ray | 5.9 |
| MEDIUM | CVE-2026-34052 | ltiauthenticator: OAuth nonce leak causes server DoS | 5.9 | |
| MEDIUM | CVE-2020-15200 | TensorFlow: heap overflow in RaggedCountSparseOutput DoS | tensorflow | 5.9 |
| MEDIUM | CVE-2021-29575 | TensorFlow: stack overflow DoS in ReverseSequence op | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29213 | TensorFlow: input validation DoS in FFT signal ops | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29212 | TensorFlow Lite: quantization assert crash (DoS) | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29211 | TensorFlow: NaN input crashes histogram op (CPU DoS) | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29210 | TensorFlow: heap OOB in TensorKey causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29209 | TensorFlow: CHECK macro type confusion causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29206 | TensorFlow: SparseTensorDenseAdd null ptr deref DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29205 | TensorFlow: NULL deref DoS via compat.v1 ops | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29204 | TensorFlow: DoS via UnsortedSegmentJoin input validation | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29203 | TensorFlow: DoS via SpaceToBatchND integer overflow | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29202 | TensorFlow: DoS via ragged tensor memory exhaustion | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29201 | TensorFlow: QuantizedConv2D null deref crashes model server | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29207 | TensorFlow: null-ptr deref in eager mode causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29200 | TensorFlow: LSTMBlockCell DoS via invalid tensor rank | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29199 | TensorFlow: CHECK-fail DoS in LoadAndRemapMatrix op | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29198 | TensorFlow: DoS via sparse tensor input validation failure | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29197 | TensorFlow: DoS via UnsortedSegmentJoin input validation | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29196 | TensorFlow: DoS via invalid Conv3D filter input | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29195 | TensorFlow: StagePeek DoS via unvalidated index scalar | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29193 | TensorFlow: DoS via TensorSummaryV2 input validation failure | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29194 | TensorFlow: DoS via malformed DeleteSessionTensor input | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29192 | TensorFlow: DoS via QuantizeAndDequantize input validation | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29191 | TensorFlow: DoS via GetSessionTensor input validation | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41222 | TensorFlow: SplitV negative arg segfault crashes process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41213 | TensorFlow: tf.function deadlock enables DoS via model load | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41218 | TensorFlow: AllToAll DoS via divide-by-zero crash | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41209 | TensorFlow: DoS via division-by-zero in conv ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41207 | TensorFlow: ParallelConcat div-by-zero crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41202 | TensorFlow tf.range: integer overflow in kernel causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41217 | TensorFlow: null pointer crash in control flow graph | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41215 | TensorFlow: DeserializeSparse null deref causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41204 | TensorFlow: DoS via Grappler constant folding segfault | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41200 | TensorFlow: DoS crash in tf.summary file writer | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41199 | TensorFlow: tf.image.resize integer overflow DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41198 | TensorFlow: tf.tile integer overflow crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41197 | TensorFlow: integer overflow in tensor dims causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41196 | TensorFlow: integer underflow crashes Keras pooling layers | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41195 | TensorFlow: integer overflow in segment ops causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37692 | TensorFlow: string tensor GC segfault causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37691 | TensorFlow TFLite: DoS via crafted model in LSH kernel | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37684 | TensorFlow TFLite: DoS via division by zero in pooling | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37683 | TFLite: division by zero DoS in inference kernels | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37677 | TensorFlow: DoS via invalid Dequantize axis argument | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37674 | TensorFlow: DoS via MaxPoolGrad invalid tensor input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37673 | TensorFlow: MapStage CHECK-fail causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37669 | TensorFlow: integer conversion DoS in NonMaxSuppression ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37668 | TensorFlow: DoS via div-by-zero in UnravelIndex op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37689 | TensorFlow Lite: MLIR null ptr deref crashes inference | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37688 | TensorFlow Lite: DoS via crafted TFLite model file | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37686 | TFLite: infinite loop DoS via crafted strided slice model | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37680 | TFLite: division by zero crashes fully connected layers | tensorflow | 5.5 |
| MEDIUM | CVE-2025-3730 | PyTorch: DoS via ctc_loss resource mishandling | pytorch | 5.5 |
| MEDIUM | CVE-2021-37675 | TensorFlow: DoS via division by zero in conv ops | tensorflow | 5.5 |
| MEDIUM | CVE-2025-3121 | PyTorch: memory corruption in JIT flatbuffer loader | pytorch | 5.5 |
| MEDIUM | CVE-2021-37661 | TensorFlow: integer sign conversion DoS in boosted trees | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37645 | TensorFlow: integer overflow in quantize grad causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37644 | TensorFlow: DoS via negative TensorListReserve input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29564 | TensorFlow: null ptr deref DoS in EditDistance op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37649 | TensorFlow: null ptr deref crashes inference via bad tensor | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37647 | TensorFlow: null deref in SparseTensor ops causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37637 | TensorFlow: null ptr dereference in CompressElement (DoS) | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37660 | TensorFlow: DoS via divide-by-zero in inplace ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37653 | TensorFlow: DoS via divide-by-zero in ResourceGather op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37642 | TensorFlow: ResourceScatterDiv div-by-zero enables DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37640 | TensorFlow: SparseReshape div-by-zero crashes ML pipelines | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37636 | TensorFlow: div-by-zero DoS in SparseDenseCwiseDiv op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29619 | TensorFlow: DoS via invalid SparseCount op args | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29618 | TensorFlow: DoS crash via tf.transpose complex+conjugate | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29617 | TensorFlow: DoS via CHECK-fail in strings.substr | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29615 | TensorFlow: uncontrolled recursion DoS in ParseAttrValue | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29611 | TensorFlow: DoS via SparseReshape invalid tensor input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29604 | TFLite: DoS via division by zero in hashtable lookup | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29602 | TensorFlow TFLite: DepthwiseConv division-by-zero DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29543 | TensorFlow: DoS via assertion fail in CTCGreedyDecoder | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29584 | TensorFlow: integer overflow DoS in SparseSplit op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29573 | TensorFlow: div-by-zero in MaxPoolGrad op causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29542 | TensorFlow: StringNGrams heap overflow crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29552 | TensorFlow: DoS via empty num_segments tensor assertion | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29551 | TensorFlow: OOB read DoS in MatrixTriangularSolve kernel | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29554 | TensorFlow: divide-by-zero DoS in DenseCountSparseOutput | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29572 | TensorFlow: null ptr deref crashes SdcaOptimizer op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29541 | TensorFlow: null ptr deref DoS in StringNGrams op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29531 | TensorFlow: DoS crash via empty tensor in PNG encoding | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29562 | TensorFlow: assertion failure DoS in IRFFT op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29550 | TensorFlow: FractionalAvgPool DoS via divide-by-zero | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29521 | TensorFlow: DoS crash via negative sparse tensor shape | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29528 | TensorFlow: DoS via division-by-zero in QuantizedMul | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29565 | TensorFlow: null ptr dereference crashes sparse ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29556 | TensorFlow: DoS via divide-by-zero in Reverse op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29555 | TensorFlow: FusedBatchNorm divide-by-zero crashes ML jobs | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29549 | TensorFlow: divide-by-zero DoS in quantized batch norm op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29548 | TensorFlow: DoS via division by zero in QuantizedBatchNorm | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29519 | TensorFlow SparseCross: type confusion DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29517 | TensorFlow: Conv3D div-by-zero crashes ML processes | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29516 | TensorFlow: null ptr deref crashes RaggedTensor ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29581 | TensorFlow: DoS via null buffer in CTCBeamSearchDecoder | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29580 | TensorFlow: DoS via empty tensor in FractionalMaxPoolGrad | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29567 | TensorFlow: DoS via SparseDenseCwiseMul OOB | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29563 | TensorFlow: DoS via RFFT empty matrix assertion crash | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29561 | TensorFlow: DoS via malformed LoadAndRemapMatrix input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29557 | TensorFlow: FPE in SparseMatMul causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29547 | TensorFlow: OOB read DoS via empty tensor in QuantizedBatchNorm | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29545 | TensorFlow: heap OOB write in sparse tensor DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29544 | TensorFlow: DoS via missing tensor rank validation | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29539 | TensorFlow: type confusion in ImmutableConst causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29538 | TensorFlow: div-by-zero DoS in Conv2DBackpropFilter | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29534 | TensorFlow: DoS via CHECK-fail in SparseConcat op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29533 | TensorFlow: DoS via empty image in DrawBoundingBoxes | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29527 | TensorFlow: divide-by-zero DoS in QuantizedConv2D | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29526 | TensorFlow: Conv2D divide-by-zero crashes ML workloads | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29524 | TensorFlow: div-by-zero DoS in Conv2D backprop op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29523 | TensorFlow: DoS via integer overflow in sparse ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29522 | TensorFlow: Conv3DBackprop div-by-zero crashes training | tensorflow | 5.5 |
| MEDIUM | CVE-2025-12343 | ffmpeg: security flaw enables exploitation | 5.5 | |
| MEDIUM | CVE-2025-2953 | PyTorch: DoS via mkldnn_max_pool2d resource leak | pytorch | 5.5 |
| MEDIUM | CVE-2021-37646 | TensorFlow: StringNGrams integer overflow triggers DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2024-3099 | MLflow: URL encoding bypass enables model poisoning | mlflow | 5.4 |
| MEDIUM | CVE-2020-15198 | TensorFlow: heap OOB in SparseCountSparseOutput ops | tensorflow | 5.4 |
| MEDIUM | CVE-2025-6208 | llama-index-core: DoS causes service disruption | llama-index-core | 5.3 |
| MEDIUM | CVE-2020-15190 | TensorFlow: null ptr deref DoS via Switch op eager runtime | tensorflow | 5.3 |
| MEDIUM | CVE-2020-15204 | TensorFlow: null ptr deref DoS in eager mode ops | tensorflow | 5.3 |
| MEDIUM | CVE-2025-3263 | Transformers: ReDoS in config loader causes serving DoS | transformers | 5.3 |
| MEDIUM | CVE-2020-15191 | TensorFlow: null ptr deref in dlpack causes remote DoS | tensorflow | 5.3 |
| MEDIUM | CVE-2025-3001 | PyTorch: lstm_cell memory corruption, local code exec | pytorch | 5.3 |
| MEDIUM | CVE-2025-55554 | PyTorch: integer overflow in nan_to_num causes DoS | pytorch | 5.3 |
| MEDIUM | CVE-2025-3264 | Transformers: ReDoS in dynamic module loader causes DoS | transformers | 5.3 |
| MEDIUM | CVE-2025-46149 | PyTorch: reachable assertion in nn.Fold with inductor | pytorch | 5.3 |
| MEDIUM | CVE-2024-6838 | MLflow: unconstrained input causes UI denial of service | mlflow | 5.3 |
| MEDIUM | CVE-2025-6051 | Transformers: ReDoS in EnglishNormalizer exhausts CPU | transformers | 5.3 |
| MEDIUM | CVE-2024-4858 | WP Testimonial Carousel: OpenAI API key hijack, no auth | 5.3 | |
| MEDIUM | CVE-2020-15194 | TensorFlow: DoS via SparseFillEmptyRowsGrad assertion | tensorflow | 5.3 |
| MEDIUM | CVE-2025-5197 | Transformers: ReDoS in TF-to-PyTorch weight converter | transformers | 5.3 |
| MEDIUM | CVE-2025-3933 | Transformers: ReDoS in DonutProcessor causes DoS | transformers | 5.3 |
| MEDIUM | CVE-2025-49595 | n8n: DoS via empty filesystem URI in binary-data API | n8n | 4.9 |
| MEDIUM | CVE-2023-2800 | Transformers: temp file race condition allows local DoS | transformers | 4.7 |
| MEDIUM | CVE-2020-26268 | TensorFlow: ImmutableConst segfault crashes Python interpreter | tensorflow | 4.4 |
| MEDIUM | GHSA-j828-28rj-hfhp | vllm: ReDoS in inference endpoints enables DoS | vllm | 4.3 |
| MEDIUM | CVE-2020-15192 | TensorFlow: memory leak in dlpack DoS via low-priv input | tensorflow | 4.3 |
| MEDIUM | CVE-2025-12360 | Better: security flaw enables exploitation | 4.3 | |
| MEDIUM | CVE-2022-23578 | TensorFlow: memory leak via invalid graph node | tensorflow | 4.3 |
| MEDIUM | CVE-2025-52554 | n8n: broken authz enables cross-user workflow termination | n8n | 4.3 |
| MEDIUM | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | langchain | 4.2 |
| MEDIUM | CVE-2020-15213 | TensorFlow Lite: OOM DoS via crafted segment sum model | tensorflow | 4.0 |
| MEDIUM | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | pytorch | 4.0 |
| LOW | CVE-2025-3136 | PyTorch: memory corruption in CUDA caching allocator | pytorch | 3.3 |
| LOW | CVE-2025-4287 | PyTorch NCCL: local DoS in distributed training reduce op | 3.3 | |
| LOW | CVE-2020-26270 | TensorFlow: DoS via zero-length input to LSTM/GRU on CUDA | tensorflow | 3.3 |
| LOW | CVE-2025-63396 | pytorch: security flaw enables exploitation | pytorch | 3.3 |
| MEDIUM | CVE-2025-58446 | xgrammar: DoS via oversized JSON schema grammar parsing | xgrammar | — |
| UNKNOWN | CVE-2026-42236 | n8n: unauthenticated MCP endpoint causes memory DoS | n8n | — |
| MEDIUM | GHSA-rxmx-g7hr-8mx4 | OpenClaw: Zalo webhook dedup collision silently drops events | openclaw | — |
| UNKNOWN | CVE-2025-1975 | Ollama: DoS via malicious manifest in /api/pull | ollama | — |
| LOW | CVE-2025-63681 | open-webui: Access Control bypass enables privilege escalation | open-webui | — |
| UNKNOWN | CVE-2024-10650 | ChuanhuChatGPT: DoS via multipart payload exhaustion | chuanhuchatgpt | — |
| HIGH | CVE-2026-33079 | mistune: ReDoS exposes Jupyter/AI services to DoS | mistune | — |
| UNKNOWN | CVE-2019-9635 | TensorFlow: NULL ptr deref DoS via malformed GIF input | tensorflow | — |
| HIGH | CVE-2026-33143 | — | ||
| MEDIUM | GHSA-ccx3-fw7q-rr2r | openclaw: base64 pre-alloc bypass causes resource exhaustion | openclaw | — |
| MEDIUM | GHSA-4g5x-2jfc-xm98 | openclaw: media download bypass exhausts disk storage | openclaw | — |
| UNKNOWN | CVE-2024-1727 | Gradio: CSRF enables disk exhaustion via file upload DoS | gradio | — |
| UNKNOWN | CVE-2018-10055 | TensorFlow XLA: heap overflow via crafted config file | tensorflow | — |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | openclaw | — |
| HIGH | CVE-2026-0897 | keras: Resource Exhaustion enables DoS | keras | — |
| MEDIUM | CVE-2026-35640 | openclaw: unauthenticated webhook parsing enables DoS | openclaw | — |
| UNKNOWN | CVE-2018-7576 | TensorFlow: NPD in 1.6.x crashes ML runtime | tensorflow | — |
| MEDIUM | GHSA-5hff-46vh-rxmw | OpenClaw: read-only scope bypass kills agent sessions | openclaw | — |
| MEDIUM | GHSA-m7j5-r2p5-c39r | picklescan: Deserialization enables RCE | picklescan | — |
| UNKNOWN | CVE-2025-0187 | Gradio: DoS via oversized upload filename | gradio | — |
| HIGH | CVE-2026-33155 | deepdiff: DoS causes service disruption | — | |
| LOW | GHSA-fqrj-m88p-qf3v | OpenClaw: cross-account webhook event suppression | openclaw | — |
| MEDIUM | CVE-2026-33123 | — | ||
| MEDIUM | GHSA-wwfp-w96m-c6x8 | OpenClaw: pairing DoS blocks account onboarding | openclaw | — |
| MEDIUM | CVE-2024-52524 | Giskard: ReDoS in text perturbation causes DoS | — | |
| HIGH | CVE-2026-25048 | xgrammar: security flaw enables exploitation | xgrammar | — |
| CRITICAL | CVE-2025-65015 | — |