{"id":2942183,"name":"tensorflow-cpu","ecosystem":"pypi","description":"TensorFlow is an open source machine learning framework for everyone.","homepage":"https://www.tensorflow.org/","licenses":"Apache 2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/tensorflow/tensorflow","keywords_array":["tensorflow","tensor","machine","learning"],"namespace":null,"versions_count":100,"first_release_published_at":"2019-10-16T17:33:59.000Z","latest_release_published_at":"2026-03-06T17:25:45.000Z","latest_release_number":"2.21.0","last_synced_at":"2026-06-01T22:13:07.797Z","created_at":"2022-04-10T12:48:15.280Z","updated_at":"2026-06-02T04:12:30.914Z","registry_url":"https://pypi.org/project/tensorflow-cpu/","install_command":"pip install tensorflow-cpu --index-url https://pypi.org/simple","documentation_url":"https://tensorflow-cpu.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Environment :: GPU :: NVIDIA CUDA :: 12","Environment :: GPU :: NVIDIA CUDA :: 12 :: 12.2","Intended Audience :: Developers","Intended Audience :: Education","Intended Audience :: Science/Research","License :: OSI Approved :: Apache Software License","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Topic :: Scientific/Engineering","Topic :: Scientific/Engineering :: Artificial Intelligence","Topic :: Scientific/Engineering :: Mathematics","Topic :: Software Development","Topic :: Software Development :: Libraries","Topic :: Software Development :: Libraries :: Python Modules"],"normalized_name":"tensorflow-cpu","project_status":null},"repo_metadata":{"id":37251499,"uuid":"45717250","full_name":"tensorflow/tensorflow","owner":"tensorflow","description":"An Open Source Machine Learning Framework for Everyone","archived":false,"fork":false,"pushed_at":"2024-09-04T21:34:15.000Z","size":1063299,"stargazers_count":185330,"open_issues_count":4524,"forks_count":74146,"subscribers_count":7603,"default_branch":"master","last_synced_at":"2024-09-04T21:34:24.590Z","etag":null,"topics":["deep-learning","deep-neural-networks","distributed","machine-learning","ml","neural-network","python","tensorflow"],"latest_commit_sha":null,"homepage":"https://tensorflow.org","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tensorflow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-11-07T01:19:20.000Z","updated_at":"2024-09-04T21:30:23.000Z","dependencies_parsed_at":"2023-10-27T15:27:29.446Z","dependency_job_id":"4202f94c-a761-4b1a-b3e0-60136ad66b70","html_url":"https://github.com/tensorflow/tensorflow","commit_stats":{"total_commits":155664,"total_committers":4307,"mean_commits":36.14209426514976,"dds":0.7343123650940487,"last_synced_commit":"be1ed17c85f914b82f6cf05098711f6807019617"},"previous_names":[],"tags_count":212,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tensorflow","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":217599092,"owners_count":16201910,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tensorflow","name":"tensorflow","uuid":"15658638","kind":"organization","description":"","email":"github-admin@tensorflow.org","website":"http://www.tensorflow.org","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/15658638?v=4","repositories_count":108,"last_synced_at":"2023-04-09T07:13:22.653Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tensorflow","funding_links":[],"total_stars":468581,"followers":null,"following":null,"created_at":"2022-11-02T16:22:56.353Z","updated_at":"2023-04-09T07:13:22.946Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tensorflow","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tensorflow/repositories"},"tags":[{"name":"v2.17.0","sha":"ad6d8cc177d0c868982e39e0823d0efbfb95f04c","kind":"commit","published_at":"2024-07-09T22:13:22.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.17.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.17.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.17.0/manifests"},{"name":"v2.17.0-rc1","sha":"b3dcff925010e3be83cbc8556ad4e66012f3a44e","kind":"commit","published_at":"2024-06-28T17:52:50.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.17.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.17.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.17.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.17.0-rc1/manifests"},{"name":"v2.16.2","sha":"810f233968cec850915324948bbbc338c97cf57f","kind":"commit","published_at":"2024-06-25T15:45:39.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.16.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.16.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.16.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.16.2/manifests"},{"name":"v2.17.0-rc0","sha":"c12935684083ee1f182530d417afde060a60a7a5","kind":"commit","published_at":"2024-06-12T16:54:11.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.17.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.17.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.17.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.17.0-rc0/manifests"},{"name":"v2.15.1","sha":"63f5a65c7cd7b6241bede8d2e0082058566ea364","kind":"commit","published_at":"2024-03-08T02:19:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.15.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.1/manifests"},{"name":"v2.16.1","sha":"5bc9d26649cca274750ad3625bd93422617eed4b","kind":"commit","published_at":"2024-03-06T00:30:15.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.16.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.16.1/manifests"},{"name":"v2.16.0-rc0","sha":"4bdc149ac84738b06a592473595c1c9c2bd2a9a3","kind":"commit","published_at":"2024-02-26T22:50:07.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.16.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.16.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.16.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.16.0-rc0/manifests"},{"name":"v2.14.1","sha":"99d80a9e254c9df7940b2902b14d15914dbbbcd9","kind":"commit","published_at":"2023-11-10T21:47:47.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.14.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.1/manifests"},{"name":"v2.15.0","sha":"6887368d6d46223f460358323c4b76d61d1558a8","kind":"commit","published_at":"2023-11-10T21:16:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.15.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.0/manifests"},{"name":"v2.15.0-rc1","sha":"2a4ec940bac104cc94ce8738fcb31824158baff1","kind":"commit","published_at":"2023-11-02T00:55:06.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.15.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.15.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.0-rc1/manifests"},{"name":"v2.15.0-rc0","sha":"5b2454e3de818c7ac24cf7fbb8d82aed83a577ca","kind":"commit","published_at":"2023-10-19T23:06:04.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.15.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.15.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.15.0-rc0/manifests"},{"name":"v2.14.0","sha":"4dacf3f368eb7965e9b5c3bbdd5193986081c3b2","kind":"commit","published_at":"2023-09-21T17:17:23.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.14.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.0/manifests"},{"name":"v2.13.1","sha":"f841394b1b714c5cc5366536411cf146c8c570df","kind":"commit","published_at":"2023-09-12T16:46:28.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.13.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.1/manifests"},{"name":"v2.14.0-rc1","sha":"dd01672d9a99ac372cc77a2a84faf0aedaefa36c","kind":"commit","published_at":"2023-08-30T13:46:27.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.14.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.14.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.0-rc1/manifests"},{"name":"v2.14.0-rc0","sha":"71056bdc9ea85dfe478ede45b86a80be1eecaa5b","kind":"commit","published_at":"2023-08-15T22:03:02.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.14.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.14.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.14.0-rc0/manifests"},{"name":"v2.13.0","sha":"1cb1a030a62b169d90d34c747ab9b09f332bf905","kind":"commit","published_at":"2023-06-28T18:38:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.13.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0/manifests"},{"name":"v2.12.1","sha":"8e2b6655c0c488290179ab90a0daed0f6d3006f7","kind":"commit","published_at":"2023-06-27T18:05:39.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.12.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.1/manifests"},{"name":"v2.13.0-rc2","sha":"5b6abc8a9bb1bbef914a3e830c18e30e4477f036","kind":"commit","published_at":"2023-06-16T19:39:23.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.13.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.13.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0-rc2/manifests"},{"name":"v2.13.0-rc1","sha":"57633696be6c5cd93ae6832e81338a31b10428b8","kind":"commit","published_at":"2023-05-26T00:14:50.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.13.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.13.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0-rc1/manifests"},{"name":"v2.13.0-rc0","sha":"525da8a93eca846e32e5c41eddc0496b25a2ef5b","kind":"commit","published_at":"2023-05-05T21:50:40.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.13.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.13.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.13.0-rc0/manifests"},{"name":"v2.12.0","sha":"0db597d0d758aba578783b5bf46c889700a45085","kind":"commit","published_at":"2023-03-20T23:12:24.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.12.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.0/manifests"},{"name":"v2.11.1","sha":"a3e2c692c18649329c4210cf8df2487d2028e267","kind":"commit","published_at":"2023-03-16T17:20:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.11.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.1/manifests"},{"name":"v2.12.0-rc1","sha":"0d8efc960d2874c2f56eed8690d132763a92a33c","kind":"commit","published_at":"2023-03-03T23:26:03.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.12.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.12.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.0-rc1/manifests"},{"name":"v2.12.0-rc0","sha":"80170ee25b406758c04880a3b49ed9499667012e","kind":"commit","published_at":"2023-02-14T00:49:26.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.12.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.12.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.12.0-rc0/manifests"},{"name":"v2.11.0","sha":"d5b57ca93e506df258271ea00fc29cf98383a374","kind":"commit","published_at":"2022-11-16T01:17:12.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.11.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0/manifests"},{"name":"v2.9.3","sha":"a5ed5f39b675a1c6f315e0caf3ad4b38478fa571","kind":"commit","published_at":"2022-11-15T01:23:24.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.3/manifests"},{"name":"v2.8.4","sha":"1b8f5c396f0c016ebe81fe1af029e6f205c926a4","kind":"commit","published_at":"2022-11-15T01:07:24.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.4/manifests"},{"name":"v2.10.1","sha":"fdfc646704c37bdf450525f6ced9d80df86e4993","kind":"commit","published_at":"2022-11-15T00:46:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.10.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.1/manifests"},{"name":"v2.11.0-rc2","sha":"db80fa53b76cbb149c3a2580539c49ccc7f92141","kind":"commit","published_at":"2022-11-01T18:55:58.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.11.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.11.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0-rc2/manifests"},{"name":"v2.11.0-rc1","sha":"8aa3c875bb16f60650a3b41a637097b3bae4b4c2","kind":"commit","published_at":"2022-10-19T00:14:58.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.11.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.11.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0-rc1/manifests"},{"name":"v2.11.0-rc0","sha":"ba36eac6614d5c1f1e9bab6d2399749b68e8732e","kind":"commit","published_at":"2022-10-18T15:57:32.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.11.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.11.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.11.0-rc0/manifests"},{"name":"v2.10.0","sha":"359c3cdfc5fabac82b3c70b3b6de2b0a8c16874f","kind":"commit","published_at":"2022-09-02T22:59:55.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.10.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0/manifests"},{"name":"v2.9.2","sha":"18960c44ad3f5219c22dca55f842912dbce78a07","kind":"commit","published_at":"2022-09-01T18:34:47.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.2/manifests"},{"name":"v2.8.3","sha":"92a51d52ad199319e4f9de83fcbe970151dfed7e","kind":"commit","published_at":"2022-09-01T18:22:43.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.3/manifests"},{"name":"v2.7.4","sha":"a73cc22ba39f89463d3e0910dd12d84dbf8596d2","kind":"commit","published_at":"2022-09-01T18:04:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.4/manifests"},{"name":"v2.10.0-rc3","sha":"f082fa907cf1a8e127436f12c05dff97ba599e3a","kind":"commit","published_at":"2022-08-26T15:05:21.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.10.0-rc3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc3/manifests"},{"name":"v2.10.0-rc2","sha":"4bf2119f1d93411479981108dd0a3c3a46e8e3c4","kind":"commit","published_at":"2022-08-22T17:25:57.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.10.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc2/manifests"},{"name":"v2.10.0-rc1","sha":"5dd05fd5304ae9b2dd3e588a96e47238527f1fc5","kind":"commit","published_at":"2022-08-12T17:58:13.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.10.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc1/manifests"},{"name":"v2.10.0-rc0","sha":"371c061252f993fc48f12a7ab3924debfe637b2a","kind":"commit","published_at":"2022-08-02T17:54:45.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.10.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.10.0-rc0/manifests"},{"name":"v2.9.1","sha":"d8ce9f9c301d021a69953134185ab728c1c248d3","kind":"commit","published_at":"2022-05-22T22:28:22.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.1/manifests"},{"name":"v2.8.2","sha":"2ea19cbb575d076b4f521d3603211c8316ad5f8f","kind":"commit","published_at":"2022-05-22T22:24:29.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.2/manifests"},{"name":"v2.6.5","sha":"6b54e9fa35d6261adae9565f18cde359003b551b","kind":"commit","published_at":"2022-05-22T22:16:09.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.5","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.5/manifests"},{"name":"v2.7.3","sha":"fa3dcb4eadd639abb116f2b8d3019e51064e45b1","kind":"commit","published_at":"2022-05-20T22:44:46.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.3/manifests"},{"name":"v2.9.0","sha":"8a20d54a3c1bfa38c03ea99a2ad3c1b0a45dfa95","kind":"commit","published_at":"2022-05-13T18:05:15.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0/manifests"},{"name":"v2.6.4","sha":"33ed2b11cb8e879d86c371700e6573db1814a69e","kind":"commit","published_at":"2022-05-13T17:11:29.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.4/manifests"},{"name":"v2.8.1","sha":"0516d4d8bced506cae97dc3cb45dbd2fe4311f26","kind":"commit","published_at":"2022-05-12T17:27:32.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.1/manifests"},{"name":"v2.7.2","sha":"dd7b8a3c1714d0052ce4b4a2fd8dcef927439a24","kind":"commit","published_at":"2022-05-12T17:27:30.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.2/manifests"},{"name":"v2.9.0-rc2","sha":"84326b3712ebc48827d7a0bce087c15ab6b389a6","kind":"commit","published_at":"2022-05-04T16:21:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0-rc2/manifests"},{"name":"v2.9.0-rc1","sha":"ca9b0dfd6e01d691f8467ca1f68f6baaf538c6b4","kind":"commit","published_at":"2022-04-21T17:30:05.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0-rc1/manifests"},{"name":"v2.9.0-rc0","sha":"8727d035e7aa593720d16a5f57f70f3b5a93bd00","kind":"commit","published_at":"2022-04-07T16:50:03.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.9.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.9.0-rc0/manifests"},{"name":"v2.8.0","sha":"3f878cff5b698b82eea85db2b60d65a2e320850e","kind":"commit","published_at":"2022-01-31T19:17:33.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.0/manifests"},{"name":"v2.5.3","sha":"959e9b2a0c06df945f9fb66bd367af8832ca0d28","kind":"commit","published_at":"2022-01-30T15:39:47.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.3/manifests"},{"name":"v2.7.1","sha":"2a0f59ecfe64d4e7750e406f00f783ff4bd34631","kind":"commit","published_at":"2022-01-30T15:27:47.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.1/manifests"},{"name":"v2.6.3","sha":"92a6bb06549e74a8bd8cdb8e28552496e5520007","kind":"commit","published_at":"2022-01-30T00:24:32.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.3/manifests"},{"name":"v2.8.0-rc1","sha":"244b9d77fd42003042968a22d0cda6bea0c01435","kind":"commit","published_at":"2022-01-22T16:57:16.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.0-rc1/manifests"},{"name":"v2.8.0-rc0","sha":"804ef7223ef08fd14c274b4a4044cc4aeee68863","kind":"commit","published_at":"2021-12-22T02:09:05.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.8.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.8.0-rc0/manifests"},{"name":"v2.6.2","sha":"c2363d6d025981c661f8cbecf4c73ca7fbf38caf","kind":"commit","published_at":"2021-11-03T20:34:02.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.2/manifests"},{"name":"v2.7.0","sha":"c256c071bb26e1e13b4666d1b3e229e110bc914a","kind":"commit","published_at":"2021-11-01T01:31:04.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.0/manifests"},{"name":"v2.6.1","sha":"3aa40c3ce9d16eae296f086bc4ac4d62deb2affc","kind":"commit","published_at":"2021-10-31T17:10:05.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.1/manifests"},{"name":"v2.4.4","sha":"64918868e2154b06c7479347a59a4230f785e9fa","kind":"commit","published_at":"2021-10-30T22:59:09.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.4/manifests"},{"name":"v2.5.2","sha":"957590ea15cc03ee2e00fc61934647d54836676f","kind":"commit","published_at":"2021-10-30T22:58:36.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.2/manifests"},{"name":"v2.7.0-rc1","sha":"ff68385595088304cf772086b9a259a65b007622","kind":"commit","published_at":"2021-10-20T03:29:02.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.0-rc1/manifests"},{"name":"v2.7.0-rc0","sha":"ce35e5c3a8efdb8161c6a85c8fb9ffb5bbdc9ffd","kind":"commit","published_at":"2021-10-04T19:36:31.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.7.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.7.0-rc0/manifests"},{"name":"v2.4.3","sha":"4c0b84bf2a714bcdd18da1f1f94d533d72399d52","kind":"commit","published_at":"2021-08-11T22:06:57.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.3/manifests"},{"name":"v2.3.4","sha":"7462dcaae1e8cfe1dfd0c62dd6083f9749a9d827","kind":"commit","published_at":"2021-08-11T22:06:44.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.4/manifests"},{"name":"v2.6.0","sha":"919f693420e35d00c8d0a42100837ae3718f7927","kind":"commit","published_at":"2021-08-09T19:10:27.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0/manifests"},{"name":"v2.5.1","sha":"8222c1cfc866126111f23bd9872998480cebf2c1","kind":"commit","published_at":"2021-08-08T20:49:54.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.1/manifests"},{"name":"v2.6.0-rc2","sha":"5368d50428b30b7c9ccd038aec65d09252d16596","kind":"commit","published_at":"2021-08-03T00:34:40.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0-rc2/manifests"},{"name":"v2.6.0-rc1","sha":"79f2d3a179ac6ea6b4c3d07b6849afad4e8730cd","kind":"commit","published_at":"2021-07-09T21:29:59.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0-rc1/manifests"},{"name":"v2.6.0-rc0","sha":"a5317d67e6ce6e93de18011bfdcdd4ff7aa894cf","kind":"commit","published_at":"2021-06-29T00:23:36.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.6.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.6.0-rc0/manifests"},{"name":"v2.4.2","sha":"1923123d32ea41d92b70a27a3f6ecf0763b56f6c","kind":"commit","published_at":"2021-06-11T16:09:43.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.2/manifests"},{"name":"v2.2.3","sha":"cfe0c80169ae984bcdc99ff6de7444164aaa8e07","kind":"commit","published_at":"2021-06-10T18:18:38.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.3/manifests"},{"name":"v2.1.4","sha":"0931ea3d985bb9c8fdd054a5e29c4129623c849b","kind":"commit","published_at":"2021-06-08T23:03:14.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.4/manifests"},{"name":"v2.3.3","sha":"3929ffacfbef7c431e8397920d040aaf47acff19","kind":"commit","published_at":"2021-06-04T22:32:44.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.3/manifests"},{"name":"v2.5.0","sha":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d","kind":"commit","published_at":"2021-05-12T13:26:41.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0/manifests"},{"name":"v2.5.0-rc3","sha":"fcdf659347024dc5a3130e866ba3dde10bac72b0","kind":"commit","published_at":"2021-05-04T23:35:43.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.0-rc3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc3/manifests"},{"name":"v2.5.0-rc2","sha":"e0b8bbee7a66d5afa8b309a06fbfb61b4169266f","kind":"commit","published_at":"2021-04-24T00:13:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc2/manifests"},{"name":"v2.5.0-rc1","sha":"0d1805aede03d25aa9d49adcef6903535fa5ad14","kind":"commit","published_at":"2021-04-12T16:43:40.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc1/manifests"},{"name":"v2.5.0-rc0","sha":"a8b6d5ff93a37ccba92137e1cab2ae2ee6640ad6","kind":"commit","published_at":"2021-04-01T04:24:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.5.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.5.0-rc0/manifests"},{"name":"v2.4.1","sha":"85c8b2a817f95a3e979ecd1ed95bff1dc1335cff","kind":"commit","published_at":"2021-01-21T00:25:54.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.1/manifests"},{"name":"v2.3.2","sha":"9edbe5075f79a4a95ed14a2be831f9b59e61f49d","kind":"commit","published_at":"2021-01-04T20:20:31.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.2/manifests"},{"name":"v2.2.2","sha":"d745ff2a48cebf18e847e8b602a744e97e058946","kind":"commit","published_at":"2021-01-04T20:20:11.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.2/manifests"},{"name":"v2.1.3","sha":"77f47d6ed6ca1f50b6f2c4919097e625d50398a9","kind":"commit","published_at":"2021-01-04T20:19:34.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.3/manifests"},{"name":"v2.0.4","sha":"cdf2c541c3dd3fb6d03cce4d23fc6c548bc9017c","kind":"commit","published_at":"2021-01-04T20:19:09.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.4/manifests"},{"name":"v1.15.5","sha":"3db52be7be81a87c623cdeb7f03d3767521c5246","kind":"commit","published_at":"2021-01-04T20:18:42.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.5","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.5/manifests"},{"name":"v2.4.0","sha":"582c8d236cb079023657287c318ff26adb239002","kind":"commit","published_at":"2020-12-12T01:37:22.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0/manifests"},{"name":"v2.4.0-rc4","sha":"97c3fef64ba9937a52af2d72fb4104b6e541d4b2","kind":"commit","published_at":"2020-12-04T03:09:50.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.0-rc4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.0-rc4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc4/manifests"},{"name":"v2.4.0-rc3","sha":"68f236364cdd261754c68782d99ec2fc791922e6","kind":"commit","published_at":"2020-11-24T02:38:14.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.0-rc3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc3/manifests"},{"name":"v2.4.0-rc2","sha":"0b06f2927be226ffe44f47bfa9e03e4ea649d7f3","kind":"commit","published_at":"2020-11-17T22:39:53.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc2/manifests"},{"name":"v2.4.0-rc1","sha":"ef82f4c66cae4a719a3815c307061a941a88b206","kind":"commit","published_at":"2020-11-07T01:46:19.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc1/manifests"},{"name":"v2.4.0-rc0","sha":"5e5730ba9d15a3b328d2b20a01bf8a9762f3711c","kind":"commit","published_at":"2020-11-02T06:18:39.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.4.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.4.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.4.0-rc0/manifests"},{"name":"v2.1.2","sha":"ab35f2bf7132f9d20a0bea9a5d1849862737d4b4","kind":"commit","published_at":"2020-09-23T23:30:37.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.2/manifests"},{"name":"v2.3.1","sha":"fcc4b966f1265f466e82617020af93670141b009","kind":"commit","published_at":"2020-09-22T01:57:17.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.1/manifests"},{"name":"v2.2.1","sha":"25fba035f3e453d94490932096282c7b0624bbb3","kind":"commit","published_at":"2020-09-22T01:57:12.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.1/manifests"},{"name":"v2.0.3","sha":"295ad2781683835be974faba0a191528d8079768","kind":"commit","published_at":"2020-09-22T01:54:47.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.3/manifests"},{"name":"v1.15.4","sha":"df8c55ce12b5cfc6f29b01889f7773911a75e6ef","kind":"commit","published_at":"2020-09-22T01:53:53.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.4/manifests"},{"name":"v2.3.0","sha":"b36436b087bd8e8701ef51718179037cccdfc26e","kind":"commit","published_at":"2020-07-24T00:09:13.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0/manifests"},{"name":"v2.3.0-rc2","sha":"bb3c460114b13fda5c730fe43587b8e8c2243cd7","kind":"commit","published_at":"2020-07-17T19:45:59.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0-rc2/manifests"},{"name":"v2.3.0-rc1","sha":"14b2d686d68696f90dbd08564b11af04066ce291","kind":"commit","published_at":"2020-07-08T19:51:39.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0-rc1/manifests"},{"name":"v2.3.0-rc0","sha":"99fea8da0d98fb271b60b58cfa5755f2bd430079","kind":"commit","published_at":"2020-06-26T04:41:11.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.3.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.3.0-rc0/manifests"},{"name":"v1.15.3","sha":"4386a6640c9fb65503750c37714971031f3dc1fd","kind":"commit","published_at":"2020-05-14T22:21:31.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.3/manifests"},{"name":"v2.1.1","sha":"3ffdb91f122f556a74a6e1efd2469bfe1063cb5c","kind":"commit","published_at":"2020-05-14T02:17:30.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.1/manifests"},{"name":"v2.0.2","sha":"2c2fdd3205a8d31e5f09a71ac7eb52b8c0294a60","kind":"commit","published_at":"2020-05-12T19:46:23.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.2/manifests"},{"name":"v2.2.0","sha":"2b96f3662bd776e277f86997659e61046b56c315","kind":"commit","published_at":"2020-05-05T21:58:49.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0/manifests"},{"name":"v2.2.0-rc4","sha":"70087ab4f46a4bebaacce1023cd12bd9c655e159","kind":"commit","published_at":"2020-04-29T17:43:22.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.0-rc4","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.0-rc4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc4/manifests"},{"name":"v2.2.0-rc3","sha":"aad398b5e9eb8c617f2b70e16166bb2b797be10a","kind":"commit","published_at":"2020-04-10T22:59:49.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.0-rc3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc3/manifests"},{"name":"v2.2.0-rc2","sha":"e6e5d6df2ab26620548f35bf2e652b19f6d06652","kind":"commit","published_at":"2020-03-26T22:19:19.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc2/manifests"},{"name":"v2.2.0-rc1","sha":"acf4951a2f5fdc181ed14c163381c0cf135d9ee6","kind":"commit","published_at":"2020-03-18T22:54:49.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc1/manifests"},{"name":"v2.2.0-rc0","sha":"3c1e8c03419266bb6ba379d303d3e03a380617a8","kind":"commit","published_at":"2020-03-10T17:18:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.2.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.2.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.2.0-rc0/manifests"},{"name":"v1.15.2","sha":"5d80e1e8e6ee999be7db39461e0e79c90403a2e4","kind":"commit","published_at":"2020-01-26T03:57:51.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.2/manifests"},{"name":"v2.0.1","sha":"765ac8d16eff6d6ff997ee73809b402d8b1194ae","kind":"commit","published_at":"2020-01-22T23:43:57.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.1/manifests"},{"name":"v2.1.0","sha":"e5bf8de410005de06a7ff5393fafdf832ef1d4ad","kind":"commit","published_at":"2020-01-07T16:57:39.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0/manifests"},{"name":"v2.1.0-rc2","sha":"9837eceb39171aba9e28dc1f120f53271b6b1ef0","kind":"commit","published_at":"2019-12-21T02:27:18.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0-rc2/manifests"},{"name":"v2.1.0-rc1","sha":"064e1535a7ba3cb9f67b9d9171309a1e9ebca2b0","kind":"commit","published_at":"2019-12-10T22:17:34.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0-rc1/manifests"},{"name":"v2.1.0-rc0","sha":"c6daad319d78e08d2dacbc4aa58094ce541188cf","kind":"commit","published_at":"2019-11-26T23:28:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.1.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.1.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.1.0-rc0/manifests"},{"name":"v1.15.0","sha":"590d6eef7e91a6a7392c8ffffb7b58f2e0c8bc6b","kind":"commit","published_at":"2019-10-14T21:08:43.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0/manifests"},{"name":"v1.15.0-rc3","sha":"38ea9bbfea423eb968fcc70bc454471277c9537c","kind":"commit","published_at":"2019-10-07T22:36:38.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.0-rc3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc3/manifests"},{"name":"v1.15.0-rc2","sha":"5adb433d781597468ca8eba66a0d2466b2aff10c","kind":"commit","published_at":"2019-09-30T23:36:12.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc2/manifests"},{"name":"v2.0.0","sha":"64c3d382cadf7bbe8e7e99884bede8284ff67f56","kind":"commit","published_at":"2019-09-27T21:56:33.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0/manifests"},{"name":"v2.0.0-rc2","sha":"2646d230746240eb52312aab3cceeeb7df33e380","kind":"commit","published_at":"2019-09-19T21:51:25.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-rc2/manifests"},{"name":"v1.15.0-rc1","sha":"ea930781c3164c9646e26cf3716f86804aa65b63","kind":"commit","published_at":"2019-09-16T05:00:45.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc1/manifests"},{"name":"v2.0.0-rc1","sha":"f03fe1bf795061408fafda9704c485aea7bddde2","kind":"commit","published_at":"2019-09-11T17:43:51.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-rc1/manifests"},{"name":"v1.15.0-rc0","sha":"a0163a0a727c9c7af5ac976debd5e28d42275b8c","kind":"commit","published_at":"2019-09-08T20:24:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.15.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.15.0-rc0/manifests"},{"name":"v2.0.0-rc0","sha":"c75bb66a99ad45e5a3c9fc4625c8abeb705520b5","kind":"commit","published_at":"2019-08-22T17:40:23.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-rc0/manifests"},{"name":"v1.13.2","sha":"04256c89d8783c5cfd7e550f9512e9478beb6454","kind":"commit","published_at":"2019-07-15T18:15:22.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.13.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.2/manifests"},{"name":"v1.12.3","sha":"5b900cfe4b3b848f577315a0dde09a729f770e95","kind":"commit","published_at":"2019-06-21T17:20:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.3","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.3/manifests"},{"name":"v1.14.0","sha":"87989f69597d6b2d60de8f112e1e3cea23be7298","kind":"commit","published_at":"2019-06-18T22:48:23.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.14.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.14.0/manifests"},{"name":"v2.0.0-beta1","sha":"8e423e3d56390671f0d954c90f4fd163ab02a9c1","kind":"commit","published_at":"2019-06-13T17:41:13.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0-beta1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0-beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-beta1/manifests"},{"name":"v1.14.0-rc1","sha":"648ea74ea01deda6f13db83770564a2660d15925","kind":"commit","published_at":"2019-06-08T02:23:20.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.14.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.14.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.14.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.14.0-rc1/manifests"},{"name":"v2.0.0-beta0","sha":"f59745a38177bbc6f52a84af3a8a6d5c323d6db0","kind":"commit","published_at":"2019-06-07T07:00:18.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0-beta0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0-beta0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-beta0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-beta0/manifests"},{"name":"v1.14.0-rc0","sha":"f5ce1c00d4397875ff3d706881bd46430f4a9667","kind":"commit","published_at":"2019-05-23T18:33:28.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.14.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.14.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.14.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.14.0-rc0/manifests"},{"name":"v1.12.2","sha":"6b634657d8ff1355132c3838271e4f569d1ffaba","kind":"commit","published_at":"2019-04-18T17:36:20.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.2/manifests"},{"name":"v1.12.1","sha":"c20310273f663b1dbf9ca9e68068784d44a95ae2","kind":"commit","published_at":"2019-04-18T13:15:58.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.1/manifests"},{"name":"v2.0.0-alpha0","sha":"2c319fb415a5c91ed7c0b81af72df410a69b8576","kind":"commit","published_at":"2019-03-05T21:41:53.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v2.0.0-alpha0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.0-alpha0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-alpha0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v2.0.0-alpha0/manifests"},{"name":"v1.13.1","sha":"6612da89516247503f03ef76e974b51a434fb52e","kind":"commit","published_at":"2019-02-25T20:37:04.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.13.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.1/manifests"},{"name":"v1.13.0-rc2","sha":"c865ec5621c013a7f8a4a26d380782e63117224f","kind":"commit","published_at":"2019-02-15T00:42:33.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.13.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.13.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.0-rc2/manifests"},{"name":"v1.13.0-rc1","sha":"63c13ff9b330682d136bc9219fa658f589b639f4","kind":"commit","published_at":"2019-02-07T18:19:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.13.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.13.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.0-rc1/manifests"},{"name":"v1.13.0-rc0","sha":"a8e5c41c5bbe684a88b9285e07bd9838c089e83b","kind":"commit","published_at":"2019-01-23T10:05:14.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.13.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.13.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.13.0-rc0/manifests"},{"name":"v1.12.0","sha":"a6d8ffae097d0132989ae4688d224121ec6d8f35","kind":"commit","published_at":"2018-11-02T01:35:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0/manifests"},{"name":"v1.12.0-rc2","sha":"748435b8ef55a554e011e97a9f893304e737775a","kind":"commit","published_at":"2018-10-26T03:26:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0-rc2/manifests"},{"name":"v1.12.0-rc1","sha":"7b081981131bf6da32065b8ecc3b8c5bd1280c4a","kind":"commit","published_at":"2018-10-16T17:14:23.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0-rc1/manifests"},{"name":"v1.12.0-rc0","sha":"1a6dea36de673139af3ccb3728535f024436fc5d","kind":"commit","published_at":"2018-10-08T18:36:57.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.12.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.12.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.12.0-rc0/manifests"},{"name":"v1.11.0","sha":"c19e29306ce1777456b2dbb3a14f511edf7883a8","kind":"commit","published_at":"2018-09-25T21:50:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.11.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0/manifests"},{"name":"v1.11.0-rc2","sha":"b903b819d396ced0f0ad83726eae1db5f216de80","kind":"commit","published_at":"2018-09-20T18:15:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.11.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.11.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0-rc2/manifests"},{"name":"v1.11.0-rc1","sha":"e4c4b20805064c67ea624cdedf3f295ea1ee800d","kind":"commit","published_at":"2018-09-14T19:38:07.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.11.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.11.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0-rc1/manifests"},{"name":"v1.11.0-rc0","sha":"1e438195399650604fb3aa3a53c67339f1167882","kind":"commit","published_at":"2018-09-11T23:18:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.11.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.11.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.11.0-rc0/manifests"},{"name":"v1.10.1","sha":"4dcfddc5d12018a5a0fdca652b9221ed95e9eb23","kind":"commit","published_at":"2018-08-23T19:58:44.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.10.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.1/manifests"},{"name":"v1.10.0","sha":"656e7a2b347c3c6eb76a6c130ed4b1def567b6c1","kind":"commit","published_at":"2018-08-07T23:52:04.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.10.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.0/manifests"},{"name":"v1.10.0-rc1","sha":"e5e9a8f4e97e6910cac46d84966ed82de2ec21b3","kind":"commit","published_at":"2018-07-30T18:46:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.10.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.10.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.0-rc1/manifests"},{"name":"v1.10.0-rc0","sha":"f2e8ef305e90151dfd3092a77880c9d046878ef8","kind":"commit","published_at":"2018-07-21T00:59:01.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.10.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.10.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.10.0-rc0/manifests"},{"name":"v1.9.0","sha":"25c197e02393bd44f50079945409009dd4d434f8","kind":"commit","published_at":"2018-07-09T20:38:25.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.9.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0/manifests"},{"name":"v1.9.0-rc2","sha":"16a965c5c9a64ef82ccfcb849dd61e6aad00d10e","kind":"commit","published_at":"2018-07-02T22:07:51.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.9.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.9.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0-rc2/manifests"},{"name":"v1.9.0-rc1","sha":"17d6639b550cdcedf31ee01bd6eb26c592aeac42","kind":"commit","published_at":"2018-06-14T13:24:27.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.9.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.9.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0-rc1/manifests"},{"name":"v1.9.0-rc0","sha":"e1436b2952c7600c8ac88114210381db0398be16","kind":"commit","published_at":"2018-06-06T22:07:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.9.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.9.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.9.0-rc0/manifests"},{"name":"v1.7.1","sha":"c8137f3a8e1a22b6e274d0ffc84013624523df59","kind":"commit","published_at":"2018-05-04T19:13:34.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.7.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.1/manifests"},{"name":"tflite-v0.1.7","sha":"fa1db5eb0da85b5baccc2a46d534fdeb3bb473d0","kind":"commit","published_at":"2018-04-27T20:32:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/tflite-v0.1.7","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/tflite-v0.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/tflite-v0.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/tflite-v0.1.7/manifests"},{"name":"v1.8.0","sha":"93bc2e2072e0daccbcff7a90d397b704a9e8f778","kind":"commit","published_at":"2018-04-27T16:36:49.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.8.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.8.0/manifests"},{"name":"v1.8.0-rc1","sha":"cf9afc9467b12013d93c4fe779c4158944c85e93","kind":"commit","published_at":"2018-04-19T15:53:13.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.8.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.8.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.8.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.8.0-rc1/manifests"},{"name":"v1.8.0-rc0","sha":"3970b47da568a783818f43ec9f8df5acf692fe7c","kind":"commit","published_at":"2018-04-12T18:07:34.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.8.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.8.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.8.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.8.0-rc0/manifests"},{"name":"v1.7.0","sha":"024aecf414941e11eb643e29ceed3e1c47a115ad","kind":"commit","published_at":"2018-03-29T04:18:40.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.7.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.0/manifests"},{"name":"v1.7.0-rc1","sha":"e79eb0b8de130bf905a101608681e9c18561356c","kind":"commit","published_at":"2018-03-21T03:28:38.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.7.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.7.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.0-rc1/manifests"},{"name":"v1.5.1","sha":"6a1ec9deeb2b04dc698db385ea582f6949b4f8bc","kind":"commit","published_at":"2018-03-20T19:51:33.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.5.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.1/manifests"},{"name":"v1.7.0-rc0","sha":"9af25bb2a76b0e5607acecaa93ae421352a70748","kind":"commit","published_at":"2018-03-13T04:02:38.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.7.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.7.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.7.0-rc0/manifests"},{"name":"v1.6.0","sha":"d2e24b6039433bd83478da8c8c2d6c58034be607","kind":"commit","published_at":"2018-02-28T18:52:31.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.6.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.6.0/manifests"},{"name":"v1.6.0-rc1","sha":"b2a0f1c45b2283910548ebd88ee5aaf4b6fc6077","kind":"commit","published_at":"2018-02-13T23:20:07.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.6.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.6.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.6.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.6.0-rc1/manifests"},{"name":"v1.6.0-rc0","sha":"aaf367ed8ed416f9a86674bf1ddd660c11609e63","kind":"commit","published_at":"2018-02-04T20:28:47.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.6.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.6.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.6.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.6.0-rc0/manifests"},{"name":"v1.5.0","sha":"37aa430d84ced579342a4044c89c236664be7f68","kind":"commit","published_at":"2018-01-25T22:22:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.5.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.0/manifests"},{"name":"v1.5.0-rc1","sha":"b1f157f4d2d871f7a6d8eeb21fddf97b5216608a","kind":"commit","published_at":"2018-01-13T00:29:30.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.5.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.5.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.0-rc1/manifests"},{"name":"v1.5.0-rc0","sha":"622487f55481fd914bbf8f340c44ff2bb1d059de","kind":"commit","published_at":"2018-01-03T00:00:43.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.5.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.5.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.5.0-rc0/manifests"},{"name":"v1.4.1","sha":"438604fc885208ee05f9eef2d0f2c630e1360a83","kind":"commit","published_at":"2017-12-08T04:12:18.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.4.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"d752244fbaad5e4268243355046d30990f59418f","kind":"commit","published_at":"2017-11-01T20:21:13.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.4.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.0/manifests"},{"name":"v1.4.0-rc1","sha":"358298a3c25e0736a408cac8ae46fb198ec397c3","kind":"commit","published_at":"2017-10-20T23:10:16.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.4.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.4.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.0-rc1/manifests"},{"name":"v1.4.0-rc0","sha":"5a944dc4f46edd464d8e645956d3a4f653f0d14e","kind":"commit","published_at":"2017-10-10T23:45:41.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.4.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.4.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.4.0-rc0/manifests"},{"name":"v1.3.1","sha":"48c54eee17b35ebc15e274e36632eccb76072f7d","kind":"commit","published_at":"2017-09-26T17:54:56.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.3.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"9e76bf324f6bac63137a02bb6e6ec9120703ea9b","kind":"commit","published_at":"2017-08-17T01:20:31.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.3.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0/manifests"},{"name":"v1.3.0-rc2","sha":"2784b1c4318add93d9cc9d1877962fed75ef604b","kind":"commit","published_at":"2017-08-03T20:32:46.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.3.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.3.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0-rc2/manifests"},{"name":"v1.3.0-rc1","sha":"6f0d70e7c0e63c15020d889e5b63e0438e14d3b3","kind":"commit","published_at":"2017-07-26T23:47:36.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.3.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.3.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0-rc1/manifests"},{"name":"v1.3.0-rc0","sha":"181971fd1dfc01730ce8b2aa74d90553709ee61d","kind":"commit","published_at":"2017-07-19T20:17:35.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.3.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.3.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.3.0-rc0/manifests"},{"name":"v1.2.1","sha":"b4957ffc69e73cf8348db7f381438c3b0ccabd14","kind":"commit","published_at":"2017-06-30T01:34:24.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.2.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"12f033df4c8fa3feb88ce936eb1581eaa92b303e","kind":"commit","published_at":"2017-06-14T19:02:07.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.2.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0/manifests"},{"name":"v1.2.0-rc2","sha":"ce1d6ec49bb0aea2ee2e5bd90e424345e6846fc8","kind":"commit","published_at":"2017-06-06T02:34:52.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.2.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.2.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0-rc2/manifests"},{"name":"v1.2.0-rc1","sha":"636367bba8ceddc456419b0278e8c7655ea97edd","kind":"commit","published_at":"2017-05-26T18:29:48.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.2.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.2.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0-rc1/manifests"},{"name":"v1.2.0-rc0","sha":"c462db435a45ec173c9e0fd946ce8e6d09b7d192","kind":"commit","published_at":"2017-05-19T21:49:40.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.2.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.2.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.2.0-rc0/manifests"},{"name":"v1.1.0","sha":"1ec6ed51182adf8f1b03a3188c16cd8a45ca6c85","kind":"commit","published_at":"2017-04-21T01:01:36.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.1.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0/manifests"},{"name":"v1.1.0-rc2","sha":"4019c5837d21aee67e7365ae579bfd04c7ec6f88","kind":"commit","published_at":"2017-04-14T21:41:11.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.1.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.1.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0-rc2/manifests"},{"name":"v1.1.0-rc1","sha":"efe5376f3dec8fcc2bf3299a4ff4df6ad3591c88","kind":"commit","published_at":"2017-04-04T18:07:14.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.1.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.1.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0-rc1/manifests"},{"name":"v1.1.0-rc0","sha":"a23f5d7f7757623a4ea8c6e1d743d178a0c561c5","kind":"commit","published_at":"2017-03-24T02:51:15.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.1.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.1.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.1.0-rc0/manifests"},{"name":"v1.0.1","sha":"e895d5ca395c2362df4f5c8f08b68501b41f8a98","kind":"commit","published_at":"2017-03-07T22:16:05.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.0.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"07bb8ea2379bd459832b23951fb20ec47f3fdbd4","kind":"commit","published_at":"2017-02-11T06:33:43.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.0.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0/manifests"},{"name":"v1.0.0-rc2","sha":"1536a84f32f1fe77efd3fee6e5933a1dfe4e10bb","kind":"commit","published_at":"2017-02-08T18:32:14.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.0.0-rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.0.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-rc2/manifests"},{"name":"v1.0.0-rc1","sha":"114a4627cb4b05dacb3228d5815a8dac30ddb07a","kind":"commit","published_at":"2017-02-03T23:13:00.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.0.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.0.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-rc1/manifests"},{"name":"v1.0.0-rc0","sha":"0174cb2541b540653859399491ff9c2192a3d29d","kind":"commit","published_at":"2017-01-26T18:57:25.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.0.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.0.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-rc0/manifests"},{"name":"v1.0.0-alpha","sha":"9937f8c6459c18529b31e50262726a8b40c12a7a","kind":"commit","published_at":"2017-01-10T00:17:51.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v1.0.0-alpha","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v1.0.0-alpha","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v1.0.0-alpha/manifests"},{"name":"0.12.1","sha":"4d924e796368163eff11a8151e8505715345f58d","kind":"commit","published_at":"2016-12-25T13:44:34.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/0.12.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/0.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.12.1/manifests"},{"name":"v0.12.0","sha":"c62a66bcd4d6f009e0b416055e2ecb8ef50fd0aa","kind":"commit","published_at":"2016-12-19T23:18:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.12.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.12.0/manifests"},{"name":"0.12.0-rc1","sha":"68322a636fdcd8cbc6548d103a0cf82667b7c8b1","kind":"commit","published_at":"2016-12-10T04:59:10.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/0.12.0-rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/0.12.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.12.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.12.0-rc1/manifests"},{"name":"0.12.0-rc0","sha":"48408fc0e26669998cdb7f28604d163b0feb8130","kind":"commit","published_at":"2016-11-28T22:31:19.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/0.12.0-rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/0.12.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.12.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.12.0-rc0/manifests"},{"name":"v0.11.0","sha":"282823b877f173e6a33bbc9d4b9ad7dd8413ada6","kind":"commit","published_at":"2016-11-09T22:07:53.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.11.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0/manifests"},{"name":"v0.11.0rc2","sha":"b5943bd1bcaa1510ab035a82f20adb6f7b2f7b05","kind":"commit","published_at":"2016-10-31T17:55:37.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.11.0rc2","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.11.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0rc2/manifests"},{"name":"v0.11.0rc1","sha":"671f4c6519b4d82d3e97ab96825e0a748fae8e5d","kind":"commit","published_at":"2016-10-21T00:06:33.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.11.0rc1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.11.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0rc1/manifests"},{"name":"v0.11.0rc0","sha":"2dea76c0b8eb5b8302454137c055f9e7b7dcea39","kind":"commit","published_at":"2016-09-30T17:15:46.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.11.0rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.11.0rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.11.0rc0/manifests"},{"name":"v0.10.0","sha":"c715c3102df1556fc0ce88fc987440a3c80e5380","kind":"commit","published_at":"2016-09-08T21:49:36.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.10.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.10.0/manifests"},{"name":"v0.10.0rc0","sha":"3cb39956e622b322e43547cf2b6e337020643f21","kind":"commit","published_at":"2016-07-29T21:34:44.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.10.0rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.10.0rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.10.0rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.10.0rc0/manifests"},{"name":"v0.9.0","sha":"25023dffcf88f46777b5ddab457ac84a5bed5d2f","kind":"commit","published_at":"2016-06-21T21:36:21.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.9.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.9.0/manifests"},{"name":"v0.9.0rc0","sha":"9425f822d8a5dc657022eed5c5142b4bf7b1087a","kind":"commit","published_at":"2016-06-06T06:56:44.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.9.0rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.9.0rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.9.0rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.9.0rc0/manifests"},{"name":"v0.8.0","sha":"4b7bc3174ed67b4a0eb1803537c9d00f132e9ae7","kind":"commit","published_at":"2016-04-22T20:51:21.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.8.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.8.0/manifests"},{"name":"v0.8.0rc0","sha":"31ea3dbf57d67b32ca1708e7d8cd5fb43e7810b1","kind":"commit","published_at":"2016-04-13T15:26:19.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.8.0rc0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.8.0rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.8.0rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.8.0rc0/manifests"},{"name":"v0.7.1","sha":"028d0b46004c921acd48fdd0ec18128d79e18bf4","kind":"commit","published_at":"2016-02-20T07:42:14.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.7.1","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"d0db73a0648e3f1e8367606225e4df2f0d34d0c0","kind":"commit","published_at":"2016-02-16T16:57:59.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.7.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.7.0/manifests"},{"name":"v0.6.0","sha":"09e2e823bdbcb86542acef851c42754578be3f6c","kind":"commit","published_at":"2016-02-10T20:27:36.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/v0.6.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/v0.6.0/manifests"},{"name":"0.6.0","sha":"8242b4dd1b36440e191fef8a07b6f37d8bcee60d","kind":"tag","published_at":"2015-12-10T04:26:27.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/0.6.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.6.0/manifests"},{"name":"0.5.0","sha":"b2dc60eaa9c00421293b87824a2047fdcf6fa331","kind":"tag","published_at":"2015-11-09T03:08:54.000Z","download_url":"https://codeload.github.com/tensorflow/tensorflow/tar.gz/0.5.0","html_url":"https://github.com/tensorflow/tensorflow/releases/tag/0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/tags/0.5.0/manifests"}]},"repo_metadata_updated_at":"2024-09-07T19:51:53.411Z","dependent_packages_count":88,"downloads":1488652,"downloads_period":"last-month","dependent_repos_count":2483,"rankings":{"downloads":0.37174721189591076,"dependent_repos_count":0.2160614541049778,"dependent_packages_count":0.21695394383134586,"stargazers_count":null,"forks_count":null,"docker_downloads_count":0.4148455863087666,"average":0.30490204903525026},"purl":"pkg:pypi/tensorflow-cpu","advisories":[{"uuid":"GSA_kwCzR0hTQS1namg3LXh4NHIteDM0Nc4AA-RO","url":"https://github.com/advisories/GHSA-gjh7-xx4r-x345","title":"TensorFlow has segfault in array_ops.upper_bound","description":"### Impact\n`array_ops.upper_bound` causes a segfault when not given a rank 2 tensor.\n\n### Patches\nWe have patched the issue in GitHub commit [915884fdf5df34aaedd00fc6ace33a2cfdefa586](https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586).\n\nThe fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by dmc1778","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-07-30T20:47:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345","https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec","https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586","https://nvd.nist.gov/vuln/detail/CVE-2023-33976","https://github.com/advisories/GHSA-gjh7-xx4r-x345"],"source_kind":"github","identifiers":["GHSA-gjh7-xx4r-x345","CVE-2023-33976"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":42.34978576590883,"created_at":"2024-07-30T21:05:30.718Z","updated_at":"2026-05-28T19:08:10.393Z","epss_percentage":0.00036,"epss_percentile":0.10709,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namg3LXh4NHIteDM0Nc4AA-RO","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1namg3LXh4NHIteDM0Nc4AA-RO","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.12.1","vulnerable_version_range":"\u003c 2.12.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.12.1","vulnerable_version_range":"\u003c 2.12.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.12.1","vulnerable_version_range":"\u003c 2.12.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namg3LXh4NHIteDM0Nc4AA-RO/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1meGdjLTk1eHgtZ3J2cc4AAyWI","url":"https://github.com/advisories/GHSA-fxgc-95xx-grvq","title":"TensorFlow Denial of Service vulnerability","description":"### Impact\nA malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack.\nTo minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed in real-world systems. However, if we call the model with a malicious input which has a zero dimension, it gives Check Failed failure and crashes. \n```python\nimport tensorflow as tf\n\nclass MyModel(tf.keras.Model):\n    def __init__(self):\n        super().__init__()\n        self.conv = tf.keras.layers.Convolution3DTranspose(2, [3,3,3], padding=\"same\")\n        \n    def call(self, input):\n        return self.conv(input)\nmodel = MyModel() # Defines a valid model.\n\nx = tf.random.uniform([1, 32, 32, 32, 3], minval=0, maxval=0, dtype=tf.float32) # This is a valid input.\noutput = model.predict(x)\nprint(output.shape) # (1, 32, 32, 32, 2)\n\nx = tf.random.uniform([1, 32, 32, 0, 3], dtype=tf.float32) # This is an invalid input.\noutput = model(x) # crash\n```\nThis Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services.\n\n### Patches\nWe have patched the issue in\n- GitHub commit [948fe6369a5711d4b4568ea9bbf6015c6dfb77e2](https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2)\n- GitHub commit [85db5d07db54b853484bfd358c3894d948c36baf](https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-03-27T21:05:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq","https://github.com/keras-team/keras/commit/85db5d07db54b853484bfd358c3894d948c36baf","https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2","https://nvd.nist.gov/vuln/detail/CVE-2023-25661","https://github.com/advisories/GHSA-fxgc-95xx-grvq"],"source_kind":"github","identifiers":["GHSA-fxgc-95xx-grvq","CVE-2023-25661"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-27T22:03:11.890Z","updated_at":"2026-05-28T19:12:08.623Z","epss_percentage":0.00163,"epss_percentile":0.37259,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1meGdjLTk1eHgtZ3J2cc4AAyWI","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1meGdjLTk1eHgtZ3J2cc4AAyWI","packages":[{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1meGdjLTk1eHgtZ3J2cc4AAyWI/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05M3ZyLTlxOW0tcGo4cM4AAyUE","url":"https://github.com/advisories/GHSA-93vr-9q9m-pj8p","title":"TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch","description":"### Impact\nIf the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read.\n\n```python\nimport tensorflow as tf\nfunc = tf.raw_ops.DynamicStitch\npara={'indices': [[0xdeadbeef], [405], [519], [758], [1015]], 'data': [[110.27793884277344], [120.29475402832031], [157.2418212890625], [157.2626953125], [188.45382690429688]]}\ny = func(**para)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ee004b18b976eeb5a758020af8880236cd707d05](https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis has been reported via Google OSS VRP.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:58:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p","https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05","https://nvd.nist.gov/vuln/detail/CVE-2023-25659","https://github.com/advisories/GHSA-93vr-9q9m-pj8p"],"source_kind":"github","identifiers":["GHSA-93vr-9q9m-pj8p","CVE-2023-25659"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.152Z","updated_at":"2026-05-28T19:13:06.960Z","epss_percentage":0.00204,"epss_percentile":0.42463,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M3ZyLTlxOW0tcGo4cM4AAyUE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05M3ZyLTlxOW0tcGo4cM4AAyUE","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M3ZyLTlxOW0tcGo4cM4AAyUE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xanFjLXZxY2YtNXF2as4AAyUD","url":"https://github.com/advisories/GHSA-qjqc-vqcf-5qvj","title":"TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`","description":"### Impact\nWhen the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray\u003cbool\u003e` will reference to a nullptr, leading to a seg fault.\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.Print(input =  tf.constant([1, 1, 1, 1],dtype=tf.int32),\n                            data =  [[False, False, False, False], [False], [False, False, False]],\n                            message =  'tmp/I',\n                            first_n = 100,\n                            summarize = 0)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [6d423b8bcc9aa9f5554dc988c1c16d038b508df1](https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Yu Tian of Qihoo 360 AIVul Team\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:58:44.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj","https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1","https://nvd.nist.gov/vuln/detail/CVE-2023-25660","https://github.com/advisories/GHSA-qjqc-vqcf-5qvj"],"source_kind":"github","identifiers":["GHSA-qjqc-vqcf-5qvj","CVE-2023-25660"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.164Z","updated_at":"2026-05-28T19:13:06.961Z","epss_percentage":0.0024,"epss_percentile":0.4709,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xanFjLXZxY2YtNXF2as4AAyUD","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xanFjLXZxY2YtNXF2as4AAyUD","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xanFjLXZxY2YtNXF2as4AAyUD/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03anZtLXh4bXItdjVjd84AAyUC","url":"https://github.com/advisories/GHSA-7jvm-xxmr-v5cw","title":"TensorFlow vulnerable to integer overflow in EditDistance","description":"### Impact\nTFversion 2.11.0 //tensorflow/core/ops/array_ops.cc:1067 const Tensor* hypothesis_shape_t = c-\u003einput_tensor(2); std::vector\u003cDimensionHandle\u003e dims(hypothesis_shape_t-\u003eNumElements() - 1); for (int i = 0; i \u003c dims.size(); ++i) { dims[i] = c-\u003eMakeDim(std::max(h_values(i), t_values(i))); }\n\nif hypothesis_shape_t is empty, hypothesis_shape_t-\u003eNumElements() - 1 will be integer overflow, and the it will deadlock\n```python\nimport tensorflow as tf\npara={\n    'hypothesis_indices': [[]],\n    'hypothesis_values': ['tmp/'],\n    'hypothesis_shape': [],\n    'truth_indices': [[]],\n    'truth_values': [''],\n    'truth_shape': [],\n    'normalize': False\n    }\ntf.raw_ops.EditDistance(**para)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [08b8e18643d6dcde00890733b270ff8d9960c56c](https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:58:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw","https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c","https://nvd.nist.gov/vuln/detail/CVE-2023-25662","https://github.com/advisories/GHSA-7jvm-xxmr-v5cw"],"source_kind":"github","identifiers":["GHSA-7jvm-xxmr-v5cw","CVE-2023-25662"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.173Z","updated_at":"2026-04-28T20:08:23.036Z","epss_percentage":0.00151,"epss_percentile":0.35491,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03anZtLXh4bXItdjVjd84AAyUC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03anZtLXh4bXItdjVjd84AAyUC","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03anZtLXh4bXItdjVjd84AAyUC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02NGpnLXdqd3ctN2M1d84AAyUB","url":"https://github.com/advisories/GHSA-64jg-wjww-7c5w","title":"TensorFlow has Null Pointer Error in TensorArrayConcatV2","description":"### Impact\nWhen ctx-\u003estep_containter() is a null ptr, the Lookup function will be executed with a null pointer.\n```python\nimport tensorflow as tf\ntf.raw_ops.TensorArrayConcatV2(handle=['a', 'b'], flow_in = 0.1, dtype=tf.int32, element_shape_except0=1)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [239139d2ae6a81ae9ba499ad78b56d9b2931538a](https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Yu Tian","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:58:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w","https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a","https://nvd.nist.gov/vuln/detail/CVE-2023-25663","https://github.com/advisories/GHSA-64jg-wjww-7c5w"],"source_kind":"github","identifiers":["GHSA-64jg-wjww-7c5w","CVE-2023-25663"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.183Z","updated_at":"2026-05-28T19:13:06.962Z","epss_percentage":0.00206,"epss_percentile":0.4305,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NGpnLXdqd3ctN2M1d84AAyUB","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02NGpnLXdqd3ctN2M1d84AAyUB","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NGpnLXdqd3ctN2M1d84AAyUB/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02aGc2LTVjMnEtN3Jjcs4AAyUA","url":"https://github.com/advisories/GHSA-6hg6-5c2q-7rcr","title":"TensorFlow has Heap-buffer-overflow in AvgPoolGrad ","description":"### Impact\n```python\nimport os\nos.environ['TF_ENABLE_ONEDNN_OPTS'] = '0'\nimport tensorflow as tf\nprint(tf.__version__)\nwith tf.device(\"CPU\"):\n    ksize = [1, 40, 128, 1]\n    strides = [1, 128, 128, 30]\n    padding = \"SAME\"\n    data_format = \"NHWC\"\n    orig_input_shape = [11, 9, 78, 9]\n    grad = tf.saturate_cast(tf.random.uniform([16, 16, 16, 16], minval=-128, maxval=129, dtype=tf.int64), dtype=tf.float32)\n    res = tf.raw_ops.AvgPoolGrad(\n        ksize=ksize,\n        strides=strides,\n        padding=padding,\n        data_format=data_format,\n        orig_input_shape=orig_input_shape,\n        grad=grad,\n    )\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ddaac2bdd099bec5d7923dea45276a7558217e5b](https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \u003cevn@google.com\u003e\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:58:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr","https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b","https://nvd.nist.gov/vuln/detail/CVE-2023-25664","https://github.com/advisories/GHSA-6hg6-5c2q-7rcr"],"source_kind":"github","identifiers":["GHSA-6hg6-5c2q-7rcr","CVE-2023-25664"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.193Z","updated_at":"2026-06-02T03:08:50.399Z","epss_percentage":0.0009,"epss_percentile":0.25541,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aGc2LTVjMnEtN3Jjcs4AAyUA","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02aGc2LTVjMnEtN3Jjcs4AAyUA","packages":[{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aGc2LTVjMnEtN3Jjcs4AAyUA/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01NThoLW1xOHgtN3E5Z84AAyT_","url":"https://github.com/advisories/GHSA-558h-mq8x-7q9g","title":"TensorFlow has Null Pointer Error in SparseSparseMaximum","description":"### Impact\nWhen `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give an NPE. \n\n```python\nimport tensorflow as tf\ntf.raw_ops.SparseSparseMaximum(\n a_indices=[[1]],\n a_values =[ 0.1 ],\n a_shape = [2],\n b_indices=[[]],\n b_values =[2 ],\n b_shape = [2],\n)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04](https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Yu Tian of Qihoo 360 AIVul Team","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:57:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g","https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04","https://nvd.nist.gov/vuln/detail/CVE-2023-25665","https://github.com/advisories/GHSA-558h-mq8x-7q9g"],"source_kind":"github","identifiers":["GHSA-558h-mq8x-7q9g","CVE-2023-25665"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.203Z","updated_at":"2026-06-02T03:08:50.400Z","epss_percentage":0.00125,"epss_percentile":0.31427,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NThoLW1xOHgtN3E5Z84AAyT_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01NThoLW1xOHgtN3E5Z84AAyT_","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NThoLW1xOHgtN3E5Z84AAyT_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mNjM3LXZoM3ItdmZoMs4AAyT-","url":"https://github.com/advisories/GHSA-f637-vh3r-vfh2","title":"TensorFlow has Floating Point Exception in AudioSpectrogram ","description":"### Impact\nversion:2.11.0 //core/ops/audio_ops.cc:70\n\nStatus SpectrogramShapeFn(InferenceContext* c) { ShapeHandle input; TF_RETURN_IF_ERROR(c-\u003eWithRank(c-\u003einput(0), 2, \u0026input)); int32_t window_size; TF_RETURN_IF_ERROR(c-\u003eGetAttr(\"window_size\", \u0026window_size)); int32_t stride; TF_RETURN_IF_ERROR(c-\u003eGetAttr(\"stride\", \u0026stride)); .....[1]\n\nDimensionHandle input_length = c-\u003eDim(input, 0); DimensionHandle input_channels = c-\u003eDim(input, 1);\n\nDimensionHandle output_length; if (!c-\u003eValueKnown(input_length)) { output_length = c-\u003eUnknownDim(); } else { const int64_t input_length_value = c-\u003eValue(input_length); const int64_t length_minus_window = (input_length_value - window_size); int64_t output_length_value; if (length_minus_window \u003c 0) { output_length_value = 0; } else { output_length_value = 1 + (length_minus_window / stride); .....[2] } output_length = c-\u003eMakeDim(output_length_value); }\n\nGet the value of stride at [1], and the used at [2]\n```python\nimport tensorflow as tf\n\npara = {'input': tf.constant([[14.], [24.]], dtype=tf.float32), 'window_size': 1, 'stride': 0, 'magnitude_squared': False}\nfunc = tf.raw_ops.AudioSpectrogram\n\n@tf.function(jit_compile=True)\ndef fuzz_jit():\n   y = func(**para)\n   return y\n\nfuzz_jit()\n```\n\n### Patches\nWe have patched the issue in GitHub commit [d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14](https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:57:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2","https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14","https://nvd.nist.gov/vuln/detail/CVE-2023-25666","https://github.com/advisories/GHSA-f637-vh3r-vfh2"],"source_kind":"github","identifiers":["GHSA-f637-vh3r-vfh2","CVE-2023-25666"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.213Z","updated_at":"2026-05-19T22:10:02.941Z","epss_percentage":0.00054,"epss_percentile":0.16933,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNjM3LXZoM3ItdmZoMs4AAyT-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mNjM3LXZoM3ItdmZoMs4AAyT-","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNjM3LXZoM3ItdmZoMs4AAyT-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mcW0yLWdoOHctZ3I2OM4AAyT9","url":"https://github.com/advisories/GHSA-fqm2-gh8w-gr68","title":"TensorFlow vulnerable to segfault when opening multiframe gif","description":"### Impact\nInteger overflow occurs when 2^31 \u003c= num_frames * height * width * channels \u003c 2^32, for example Full HD screencast of at least 346 frames.\n```python\nimport urllib.request\ndat = urllib.request.urlopen('https://raw.githubusercontent.com/tensorflow/tensorflow/1c38ad9b78ffe06076745a1ee00cec42f39ff726/tensorflow/core/lib/gif/testdata/3g_multiframe.gif').read()\nimport tensorflow as tf\ntf.io.decode_gif(dat)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d](https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Andrei\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-03-24T21:57:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68","https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d","https://nvd.nist.gov/vuln/detail/CVE-2023-25667","https://github.com/advisories/GHSA-fqm2-gh8w-gr68"],"source_kind":"github","identifiers":["GHSA-fqm2-gh8w-gr68","CVE-2023-25667"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.222Z","updated_at":"2026-06-02T03:08:50.401Z","epss_percentage":0.00211,"epss_percentile":0.43543,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcW0yLWdoOHctZ3I2OM4AAyT9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mcW0yLWdoOHctZ3I2OM4AAyT9","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcW0yLWdoOHctZ3I2OM4AAyT9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ndzk3LWZmN2MtOXY5Ns4AAyT8","url":"https://github.com/advisories/GHSA-gw97-ff7c-9v96","title":"TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation","description":"### Impact\nAttackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE.\nWhen axis is larger than the dim of input, c-\u003eDim(input,axis) goes out of bound.\nSame problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Grad operations too.\n```python\nimport tensorflow as tf\n@tf.function\ndef test():\n    tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5],\n    \t\t\t\t\t\t\t\t   input_min=[1.0],\n    \t\t\t\t\t\t\t\t   input_max=[10.0],\n    \t\t\t\t\t\t\t\t   signed_input=True,\n    \t\t\t\t\t\t\t\t   num_bits=1,\n    \t\t\t\t\t\t\t\t   range_given=True,\n    \t\t\t\t\t\t\t\t   round_mode='HALF_TO_EVEN',\n    \t\t\t\t\t\t\t\t   narrow_range=True,\n    \t\t\t\t\t\t\t\t   axis=0x7fffffff)\ntest()\n```\n\n\n\n### Patches\nWe have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2023-03-24T21:57:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96","https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb","https://nvd.nist.gov/vuln/detail/CVE-2023-25668","https://github.com/advisories/GHSA-gw97-ff7c-9v96"],"source_kind":"github","identifiers":["GHSA-gw97-ff7c-9v96","CVE-2023-25668"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.232Z","updated_at":"2026-05-19T22:10:02.943Z","epss_percentage":0.01465,"epss_percentile":0.80909,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndzk3LWZmN2MtOXY5Ns4AAyT8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ndzk3LWZmN2MtOXY5Ns4AAyT8","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndzk3LWZmN2MtOXY5Ns4AAyT8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yY2Y4LWc4anYtdmc2cM4AAyT7","url":"https://github.com/advisories/GHSA-rcf8-g8jv-vg6p","title":"TensorFlow has Floating Point Exception in AvgPoolGrad with XLA","description":"### Impact\nIf the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give an FPE.\n\n```python\nimport tensorflow as tf\nimport numpy as np\n\n@tf.function(jit_compile=True)\ndef test():\n   y = tf.raw_ops.AvgPoolGrad(orig_input_shape=[1,0,0,0], grad=[[[[0.39117979]]]], ksize=[1,0,0,0], strides=[1,0,0,0], padding=\"SAME\", data_format=\"NCHW\")\n   return y\n\nprint(test())\n```\n\n### Patches\nWe have patched the issue in GitHub commit [1295ae4dbb52fe06b19733b0257e2340d7b63b8d](https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx of 360 AIVul Team\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:56:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p","https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d","https://nvd.nist.gov/vuln/detail/CVE-2023-25669","https://github.com/advisories/GHSA-rcf8-g8jv-vg6p"],"source_kind":"github","identifiers":["GHSA-rcf8-g8jv-vg6p","CVE-2023-25669"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.242Z","updated_at":"2026-05-07T08:08:33.724Z","epss_percentage":0.00206,"epss_percentile":0.42914,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yY2Y4LWc4anYtdmc2cM4AAyT7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yY2Y4LWc4anYtdmc2cM4AAyT7","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yY2Y4LWc4anYtdmc2cM4AAyT7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00OXJxLWh3YzMteDc3d84AAyT6","url":"https://github.com/advisories/GHSA-49rq-hwc3-x77w","title":"TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize","description":"### Impact\nNPE in QuantizedMatMulWithBiasAndDequantize with MKL enable \n```python\nimport tensorflow as tf\n\nfunc = tf.raw_ops.QuantizedMatMulWithBiasAndDequantize\npara={'a': tf.constant(138, dtype=tf.quint8), 'b': tf.constant(4, dtype=tf.qint8), 'bias': [[31.81644630432129, 47.21876525878906], [109.95201110839844, 152.07968139648438]], 'min_a': 141.5337138686371, 'max_a': [73.84139251708984, 173.15280151367188], 'min_b': [], 'max_b': [[16.128345489501953, 193.26820373535156]], 'min_freezed_output': [], 'max_freezed_output': [115.50032806396484, 156.974853515625], 'Toutput': 1.0, 'transpose_a': True, 'transpose_b': False, 'input_quant_mode': 'MIN_FIRST'}\n\nfunc(**para)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [8a47a39d9697969206d23a523c977238717e8727](https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:55:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w","https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727","https://nvd.nist.gov/vuln/detail/CVE-2023-25670","https://github.com/advisories/GHSA-49rq-hwc3-x77w"],"source_kind":"github","identifiers":["GHSA-49rq-hwc3-x77w","CVE-2023-25670"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.252Z","updated_at":"2026-05-19T22:10:02.944Z","epss_percentage":0.0024,"epss_percentile":0.4709,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OXJxLWh3YzMteDc3d84AAyT6","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00OXJxLWh3YzMteDc3d84AAyT6","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OXJxLWh3YzMteDc3d84AAyT6/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qNXc5LWhtZmgtNGNyNs4AAyT5","url":"https://github.com/advisories/GHSA-j5w9-hmfh-4cr6","title":"TensorFlow has segmentation fault in tfg-translate ","description":"### Impact\nOut-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder. Bug with tfg-translate call to InitMlir. The problem happens with generic functions, as it is already handled for non-generic functions. This is because they, unlike non-generic functions, are using the \"old importer\". A better long-term solution may be to have the \"new importer\" handle generic functions.\n\n### Patches\nWe have patched the issue in GitHub\n- commit [760322a71ac9033e122ef1f4b1c62813021e5938](https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938).\n- commit [2eedc8f676d2c3b8be9492e547b2bc814c10b367](https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367)\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx\n\n### Affiliation\n360 AIVul\n\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:55:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6","https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367","https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938","https://nvd.nist.gov/vuln/detail/CVE-2023-25671","https://github.com/advisories/GHSA-j5w9-hmfh-4cr6"],"source_kind":"github","identifiers":["GHSA-j5w9-hmfh-4cr6","CVE-2023-25671"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.262Z","updated_at":"2026-06-02T03:08:50.402Z","epss_percentage":0.00318,"epss_percentile":0.54904,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNXc5LWhtZmgtNGNyNs4AAyT5","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qNXc5LWhtZmgtNGNyNs4AAyT5","packages":[{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNXc5LWhtZmgtNGNyNs4AAyT5/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05NG1tLWcybXYtOHA3cs4AAyT4","url":"https://github.com/advisories/GHSA-94mm-g2mv-8p7r","title":"TensorFlow has Null Pointer Error in LookupTableImportV2","description":"### Impact\nThe function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE.\n\n```python\nimport tensorflow as tf\n\nv = tf.Variable(1)\n\n@tf.function(jit_compile=True)\ndef test():\n   func = tf.raw_ops.LookupTableImportV2\n   para={'table_handle': v.handle,'keys': [62.98910140991211, 94.36528015136719], 'values': -919}\n\n   y = func(**para)\n   return y\n\nprint(test())\n```\n\n### Patches\nWe have patched the issue in GitHub commit [980b22536abcbbe1b4a5642fc940af33d8c19b69](https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx of 360 AIVul Team\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:54:55.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r","https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69","https://nvd.nist.gov/vuln/detail/CVE-2023-25672","https://github.com/advisories/GHSA-94mm-g2mv-8p7r"],"source_kind":"github","identifiers":["GHSA-94mm-g2mv-8p7r","CVE-2023-25672"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.273Z","updated_at":"2026-05-19T22:10:02.946Z","epss_percentage":0.00105,"epss_percentile":0.28411,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NG1tLWcybXYtOHA3cs4AAyT4","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05NG1tLWcybXYtOHA3cs4AAyT4","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NG1tLWcybXYtOHA3cs4AAyT4/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02NDd2LXI3cXEtMjRmaM4AAyT3","url":"https://github.com/advisories/GHSA-647v-r7qq-24fh","title":"TensorFlow has Floating Point Exception in TensorListSplit with XLA ","description":"### Impact\nFPE in TensorListSplit with XLA \n```python\nimport tensorflow as tf\n\nfunc = tf.raw_ops.TensorListSplit\npara = {'tensor': [1], 'element_shape': -1, 'lengths': [0]}\n\n@tf.function(jit_compile=True)\ndef fuzz_jit():\n y = func(**para)\n return y\n\nprint(fuzz_jit())\n```\n\n### Patches\nWe have patched the issue in GitHub commit [728113a3be690facad6ce436660a0bc1858017fa](https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:54:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh","https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa","https://nvd.nist.gov/vuln/detail/CVE-2023-25673","https://github.com/advisories/GHSA-647v-r7qq-24fh"],"source_kind":"github","identifiers":["GHSA-647v-r7qq-24fh","CVE-2023-25673"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.283Z","updated_at":"2026-06-02T03:08:50.403Z","epss_percentage":0.0028,"epss_percentile":0.51542,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NDd2LXI3cXEtMjRmaM4AAyT3","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02NDd2LXI3cXEtMjRmaM4AAyT3","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NDd2LXI3cXEtMjRmaM4AAyT3/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nZjk3LXE3Mm0tNzU3Oc4AAyT2","url":"https://github.com/advisories/GHSA-gf97-q72m-7579","title":"TensorFlow has Null Pointer Error in RandomShuffle with XLA enable ","description":"### Impact\nNPE in RandomShuffle with XLA enable \n```python\nimport tensorflow as tf\n\nfunc = tf.raw_ops.RandomShuffle\npara = {'value': 1e+20, 'seed': -4294967297, 'seed2': -2147483649}\n\n@tf.function(jit_compile=True)\ndef test():\n   y = func(**para)\n   return y\n\ntest()\n```\n\n### Patches\nWe have patched the issue in GitHub commit [728113a3be690facad6ce436660a0bc1858017fa](https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:54:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579","https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa","https://nvd.nist.gov/vuln/detail/CVE-2023-25674","https://github.com/advisories/GHSA-gf97-q72m-7579"],"source_kind":"github","identifiers":["GHSA-gf97-q72m-7579","CVE-2023-25674"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.294Z","updated_at":"2026-05-22T03:11:03.454Z","epss_percentage":0.00391,"epss_percentile":0.60126,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZjk3LXE3Mm0tNzU3Oc4AAyT2","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nZjk3LXE3Mm0tNzU3Oc4AAyT2","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZjk3LXE3Mm0tNzU3Oc4AAyT2/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03eDR2LTlneGctOWh3as4AAyT1","url":"https://github.com/advisories/GHSA-7x4v-9gxg-9hwj","title":"TensorFlow has Segfault in Bincount with XLA","description":"### Impact\nWhen running with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor.\n\n```python\nimport tensorflow as tf\n\nfunc = tf.raw_ops.Bincount\npara={'arr': 6, 'size': 804, 'weights': [52, 351]}\n\n@tf.function(jit_compile=True)\ndef fuzz_jit():\n y = func(**para)\n return y\n\nprint(fuzz_jit())\n```\n\n### Patches\nWe have patched the issue in GitHub commit [8ae76cf085f4be26295d2ecf2081e759e04b8acf](https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx of 360 AIVul Team\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:54:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj","https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf","https://nvd.nist.gov/vuln/detail/CVE-2023-25675","https://github.com/advisories/GHSA-7x4v-9gxg-9hwj"],"source_kind":"github","identifiers":["GHSA-7x4v-9gxg-9hwj","CVE-2023-25675"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.303Z","updated_at":"2026-06-02T03:08:50.404Z","epss_percentage":0.00206,"epss_percentile":0.42914,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03eDR2LTlneGctOWh3as4AAyT1","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03eDR2LTlneGctOWh3as4AAyT1","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03eDR2LTlneGctOWh3as4AAyT1/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02d2ZoLTg5cTgtNDRqcc4AAyT0","url":"https://github.com/advisories/GHSA-6wfh-89q8-44jq","title":"TensorFlow has null dereference on ParallelConcat with XLA","description":"### Impact\nWhen running with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero.\n\n```python\nimport tensorflow as tf\n\nfunc = tf.raw_ops.ParallelConcat\npara = {'shape':  0, 'values': [1]}\n\n@tf.function(jit_compile=True)\ndef test():\n   y = func(**para)\n   return y\n\ntest()\n```\n\n### Patches\nWe have patched the issue in GitHub commit [da66bc6d5ff466aee084f9e7397980a24890cd15](https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx of 360 AIVul Team\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:54:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq","https://github.com/tensorflow/tensorflow/commit/da66bc6d5ff466aee084f9e7397980a24890cd15","https://nvd.nist.gov/vuln/detail/CVE-2023-25676","https://github.com/advisories/GHSA-6wfh-89q8-44jq"],"source_kind":"github","identifiers":["GHSA-6wfh-89q8-44jq","CVE-2023-25676"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.320Z","updated_at":"2026-05-28T19:13:08.229Z","epss_percentage":0.0024,"epss_percentile":0.4709,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZoLTg5cTgtNDRqcc4AAyT0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02d2ZoLTg5cTgtNDRqcc4AAyT0","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZoLTg5cTgtNDRqcc4AAyT0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mNDljLTg3amgtZzQ3cc4AAyTz","url":"https://github.com/advisories/GHSA-f49c-87jh-g47q","title":"TensorFlow has double free in Fractional(Max/Avg)Pool","description":"### Impact\n`nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\n\n```python\nimport tensorflow as tf\nimport os\nimport numpy as np\nfrom tensorflow.python.ops import nn_ops\ntry:\n  arg_0_tensor = tf.random.uniform([3, 30, 50, 3], dtype=tf.float64)\n  arg_0 = tf.identity(arg_0_tensor)\n  arg_1_0 = 2\n  arg_1_1 = 3\n  arg_1_2 = 1\n  arg_1_3 = 1\n  arg_1 = [arg_1_0,arg_1_1,arg_1_2,arg_1_3,]\n  arg_2 = True\n  arg_3 = True\n  seed = 341261001\n  out = nn_ops.fractional_avg_pool_v2(arg_0,arg_1,arg_2,arg_3,seed=seed,)\nexcept Exception as e:\n  print(\"Error:\"+str(e))\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ee50d1e00f81f62a4517453f721c634bbb478307](https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability was reported by [dmc1778](https://github.com/dmc1778), of [nimashiri2012@gmail.com](mailto:nimashiri2012@gmail.com).\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:53:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.0,"cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q","https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307","https://nvd.nist.gov/vuln/detail/CVE-2023-25801","https://github.com/advisories/GHSA-f49c-87jh-g47q"],"source_kind":"github","identifiers":["GHSA-f49c-87jh-g47q","CVE-2023-25801"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.330Z","updated_at":"2026-05-19T22:10:02.949Z","epss_percentage":0.00088,"epss_percentile":0.25202,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNDljLTg3amgtZzQ3cc4AAyTz","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mNDljLTg3amgtZzQ3cc4AAyTz","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNDljLTg3amgtZzQ3cc4AAyTz/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01dzk2LTg2NmYtNnJtOM4AAyTy","url":"https://github.com/advisories/GHSA-5w96-866f-6rm8","title":"TensorFlow has Floating Point Exception in TFLite in conv kernel","description":"### Impact\nConstructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE.\n\n\n### Patches\nWe have patched the issue in GitHub commit [34f8368c535253f5c9cb3a303297743b62442aaa](https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability was reported by Wang Xuan of Qihoo 360 AIVul Team.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:53:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8","https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa","https://nvd.nist.gov/vuln/detail/CVE-2023-27579","https://github.com/advisories/GHSA-5w96-866f-6rm8"],"source_kind":"github","identifiers":["GHSA-5w96-866f-6rm8","CVE-2023-27579"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.346Z","updated_at":"2026-05-22T03:11:03.456Z","epss_percentage":0.00206,"epss_percentile":0.42914,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01dzk2LTg2NmYtNnJtOM4AAyTy","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01dzk2LTg2NmYtNnJtOM4AAyTy","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01dzk2LTg2NmYtNnJtOM4AAyTy/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02OHYzLWc5Y20tcm1tNs4AAyTx","url":"https://github.com/advisories/GHSA-68v3-g9cm-rmm6","title":"TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad","description":"### Impact\nOut of bounds read in GRUBlockCellGrad\n```python\nfunc = tf.raw_ops.GRUBlockCellGrad\n\npara = {'x': [[21.1, 156.2], [83.3, 115.4]], 'h_prev': array([[136.5],\n      [136.6]]), 'w_ru': array([[26.7,  0.8],\n      [47.9, 26.1],\n      [26.2, 26.3]]), 'w_c': array([[ 0.4],\n      [31.5],\n      [ 0.6]]), 'b_ru': array([0.1, 0.2 ], dtype=float32), 'b_c': 0x41414141, 'r': array([[0.3],\n      [0.4]], dtype=float32), 'u': array([[5.7],\n      [5.8]]), 'c': array([[52.9],\n      [53.1]]), 'd_h': array([[172.2],\n      [188.3 ]])}\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ff459137c2716a2a60f7d441b855fcb466d778cb](https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb).\n\nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by r3pwnx.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-24T21:53:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6","https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb","https://nvd.nist.gov/vuln/detail/CVE-2023-25658","https://github.com/advisories/GHSA-68v3-g9cm-rmm6"],"source_kind":"github","identifiers":["GHSA-68v3-g9cm-rmm6","CVE-2023-25658"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2023-03-24T22:03:48.356Z","updated_at":"2026-05-09T06:07:48.116Z","epss_percentage":0.00053,"epss_percentile":0.16502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OHYzLWc5Y20tcm1tNs4AAyTx","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02OHYzLWc5Y20tcm1tNs4AAyTx","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.11.1","vulnerable_version_range":"\u003c 2.11.1"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OHYzLWc5Y20tcm1tNs4AAyTx/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04dzVnLTN3Y3YtOWcyas4AAv_l","url":"https://github.com/advisories/GHSA-8w5g-3wcv-9g2j","title":"Tensorflow vulnerable to Out-of-Bounds Read","description":"### Impact\nWhen the [`BaseCandidateSamplerOp`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc) function  receives a value in `true_classes` larger than `range_max`, a heap oob vuln occurs.\n```python\ntf.raw_ops.ThreadUnsafeUnigramCandidateSampler(\n    true_classes=[[0x100000,1]],\n    num_true = 2,\n    num_sampled = 2,\n    unique = False,\n    range_max = 2,\n    seed = 2,\n    seed2 = 2)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [b389f5c944cadfdfe599b3f1e4026e036f30d2d4](https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Yu Tian of Qihoo 360 AIVul Team.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-22T00:10:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j","https://nvd.nist.gov/vuln/detail/CVE-2022-41880","https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc","https://github.com/advisories/GHSA-8w5g-3wcv-9g2j"],"source_kind":"github","identifiers":["GHSA-8w5g-3wcv-9g2j","CVE-2022-41880"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.271Z","updated_at":"2026-06-02T03:09:15.336Z","epss_percentage":0.0016,"epss_percentile":0.36559,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dzVnLTN3Y3YtOWcyas4AAv_l","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04dzVnLTN3Y3YtOWcyas4AAv_l","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"},{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"},{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"},{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dzVnLTN3Y3YtOWcyas4AAv_l/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z","url":"https://github.com/advisories/GHSA-cqvq-fvhr-v6hc","title":"`CHECK` failure in `SobolSample` via missing validation","description":"### Impact\nAnother instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf) and [02400ea266bd811fc016a848445de1bbff3a23a0](https://github.com/tensorflow/tensorflow/commit/02400ea266bd811fc016a848445de1bbff3a23a0)\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick both commits on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. TensorFlow 2.7.4 will have the first commit cherrypicked.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n- Pattarakrit Rattankul\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-11-21T23:51:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc","https://github.com/advisories/GHSA-cqvq-fvhr-v6hc"],"source_kind":"github","identifiers":["GHSA-cqvq-fvhr-v6hc"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.515Z","updated_at":"2026-06-02T03:09:15.345Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y","url":"https://github.com/advisories/GHSA-xf83-q765-xm6m","title":"`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode","description":"### Impact\nAnother instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf9932fc907aff0e9e8cccf769e8b00d30fd81a1](https://github.com/tensorflow/tensorflow/commit/bf9932fc907aff0e9e8cccf769e8b00d30fd81a1).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-11-21T23:51:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m","https://github.com/advisories/GHSA-xf83-q765-xm6m"],"source_kind":"github","identifiers":["GHSA-xf83-q765-xm6m"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.524Z","updated_at":"2026-06-02T03:09:15.345Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wZjM2LXI5YzYtaDk3as4AAv_H","url":"https://github.com/advisories/GHSA-pf36-r9c6-h97j","title":"Invalid char to bool conversion when printing a tensor","description":"### Impact\nWhen [printing a tensor](https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227), we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash.\n\n### Patches\nWe have patched the issue in GitHub commit [1be743703279782a357adbf9b77dcb994fe8b508](https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508).\n\nThe fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability was discovered via internal fuzzing.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T22:18:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j","https://nvd.nist.gov/vuln/detail/CVE-2022-41911","https://github.com/tensorflow/tensorflow/commit/1be743703279782a357adbf9b77dcb994fe8b508","https://github.com/tensorflow/tensorflow/blob/807cae8a807960fd7ac2313cde73a11fc15e7942/tensorflow/core/framework/tensor.cc#L1200-L1227","https://github.com/advisories/GHSA-pf36-r9c6-h97j"],"source_kind":"github","identifiers":["GHSA-pf36-r9c6-h97j","CVE-2022-41911"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.904Z","updated_at":"2026-06-02T03:09:16.295Z","epss_percentage":0.00158,"epss_percentile":0.36316,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZjM2LXI5YzYtaDk3as4AAv_H","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wZjM2LXI5YzYtaDk3as4AAv_H","packages":[{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"},{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZjM2LXI5YzYtaDk3as4AAv_H/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mcnFwLXdwODMtcWdnds4AAv_G","url":"https://github.com/advisories/GHSA-frqp-wp83-qggv","title":"Heap overflow in `QuantizeAndDequantizeV2`","description":"### Impact\nThe function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\n```python\nimport tensorflow as tf\n@tf.function\ndef test():\n    tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5],\n    \t\t\t\t\t\t\t\t   input_min=[1.0],\n    \t\t\t\t\t\t\t\t   input_max=[10.0],\n    \t\t\t\t\t\t\t\t   signed_input=True,\n    \t\t\t\t\t\t\t\t   num_bits=1,\n    \t\t\t\t\t\t\t\t   range_given=True,\n    \t\t\t\t\t\t\t\t   round_mode='HALF_TO_EVEN',\n    \t\t\t\t\t\t\t\t   narrow_range=True,\n    \t\t\t\t\t\t\t\t   axis=0x7fffffff)\ntest()\n```\n\n### Patches\nWe have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb).\n\nThe fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T22:17:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv","https://nvd.nist.gov/vuln/detail/CVE-2022-41910","https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221","https://github.com/advisories/GHSA-frqp-wp83-qggv"],"source_kind":"github","identifiers":["GHSA-frqp-wp83-qggv","CVE-2022-41910"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.913Z","updated_at":"2026-06-02T03:09:16.295Z","epss_percentage":0.00323,"epss_percentile":0.5554,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcnFwLXdwODMtcWdnds4AAv_G","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mcnFwLXdwODMtcWdnds4AAv_G","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcnFwLXdwODMtcWdnds4AAv_G/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yang2LXY0NzQtMmNoOc4AAv_F","url":"https://github.com/advisories/GHSA-rjx6-v474-2ch9","title":"Segfault in `CompositeTensorVariantToComponents`","description":"### Impact\nAn input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in [`tf.raw_ops.CompositeTensorVariantToComponents`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc).\n\n```python\nimport tensorflow as tf\n\nencode = tf.raw_ops.EmptyTensorList(element_dtype=tf.int32, element_shape=[10, 15], max_num_elements=2)\nmeta= \"\"\ncomponent=[tf.int32]\n\nprint(tf.raw_ops.CompositeTensorVariantToComponents(encoded=encode,metadata=meta,Tcomponents=component))\n```\n\n### Patches\nWe have patched the issue in GitHub commits [bf594d08d377dc6a3354d9fdb494b32d45f91971](https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971) and [660ce5a89eb6766834bdc303d2ab3902aef99d3d](https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by pattarakritr@smu.edu.sg\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T22:17:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9","https://nvd.nist.gov/vuln/detail/CVE-2022-41909","https://github.com/tensorflow/tensorflow/commit/660ce5a89eb6766834bdc303d2ab3902aef99d3d","https://github.com/tensorflow/tensorflow/commit/bf594d08d377dc6a3354d9fdb494b32d45f91971","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc","https://github.com/advisories/GHSA-rjx6-v474-2ch9"],"source_kind":"github","identifiers":["GHSA-rjx6-v474-2ch9","CVE-2022-41909"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.920Z","updated_at":"2026-06-02T03:09:16.296Z","epss_percentage":0.00484,"epss_percentile":0.65522,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yang2LXY0NzQtMmNoOc4AAv_F","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yang2LXY0NzQtMmNoOc4AAv_F","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yang2LXY0NzQtMmNoOc4AAv_F/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tdjc3LTlnMjgtY3dnM84AAv_E","url":"https://github.com/advisories/GHSA-mv77-9g28-cwg3","title":"`CHECK` fail via inputs in `PyFunc`","description":"### Impact\nAn input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in [`tf.raw_ops.PyFunc`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc).\n\n```python\nimport tensorflow as tf\n\nvalue = tf.constant(value=[1,2])\ntoken = b'\\xb0'\ndataType = [tf.int32]\n\ntf.raw_ops.PyFunc(input=value,token=token,Tout=dataType)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [9f03a9d3bafe902c1e6beb105b2f24172f238645](https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by pattarakritr@smu.edu.sg\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T22:09:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3","https://nvd.nist.gov/vuln/detail/CVE-2022-41908","https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc","https://github.com/advisories/GHSA-mv77-9g28-cwg3"],"source_kind":"github","identifiers":["GHSA-mv77-9g28-cwg3","CVE-2022-41908"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.929Z","updated_at":"2026-06-02T03:09:16.297Z","epss_percentage":0.00313,"epss_percentile":0.54531,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdjc3LTlnMjgtY3dnM84AAv_E","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tdjc3LTlnMjgtY3dnM84AAv_E","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdjc3LTlnMjgtY3dnM84AAv_E/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zNjh2LTd2MzItNTJmeM4AAv_D","url":"https://github.com/advisories/GHSA-368v-7v32-52fx","title":"Overflow in `ResizeNearestNeighborGrad`","description":"### Impact\nWhen [`tf.raw_ops.ResizeNearestNeighborGrad`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc) is given a large `size` input, it overflows.\n```\nimport tensorflow as tf\n\nalign_corners = True\nhalf_pixel_centers = False\ngrads = tf.constant(1, shape=[1,8,16,3], dtype=tf.float16)\nsize = tf.constant([1879048192,1879048192], shape=[2], dtype=tf.int32)\ntf.raw_ops.ResizeNearestNeighborGrad(grads=grads, size=size, align_corners=align_corners, half_pixel_centers=half_pixel_centers)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [00c821af032ba9e5f5fa3fe14690c8d28a657624](https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou from the Secure Systems Lab (SSL) at Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T22:04:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx","https://nvd.nist.gov/vuln/detail/CVE-2022-41907","https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc","https://github.com/advisories/GHSA-368v-7v32-52fx"],"source_kind":"github","identifiers":["GHSA-368v-7v32-52fx","CVE-2022-41907"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.937Z","updated_at":"2026-06-02T03:09:16.297Z","epss_percentage":0.00148,"epss_percentile":0.34962,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNjh2LTd2MzItNTJmeM4AAv_D","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zNjh2LTd2MzItNTJmeM4AAv_D","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNjh2LTd2MzItNTJmeM4AAv_D/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jZzg4LXJwdnAtY2p2Nc4AAv_C","url":"https://github.com/advisories/GHSA-cg88-rpvp-cjv5","title":"Out of bounds write in grappler in Tensorflow","description":"### Impact\nThe function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\n\n### Patches\nWe have patched the issue in GitHub commit [a65411a1d69edfb16b25907ffb8f73556ce36bb7](https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7).\n\nThe fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-11-21T22:04:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5","https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7","https://nvd.nist.gov/vuln/detail/CVE-2022-41902","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221","https://github.com/advisories/GHSA-cg88-rpvp-cjv5"],"source_kind":"github","identifiers":["GHSA-cg88-rpvp-cjv5","CVE-2022-41902"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.946Z","updated_at":"2026-06-02T03:07:46.915Z","epss_percentage":0.00295,"epss_percentile":0.53004,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jZzg4LXJwdnAtY2p2Nc4AAv_C","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jZzg4LXJwdnAtY2p2Nc4AAv_C","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jZzg4LXJwdnAtY2p2Nc4AAv_C/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nOWZtLXI1bW0tcmY5Zs4AAv_B","url":"https://github.com/advisories/GHSA-g9fm-r5mm-rf9f","title":"`CHECK_EQ` fail via input in `SparseMatrixNNZ`","description":"### Impact\nAn input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in [`tf.raw_ops.SparseMatrixNNZ`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h).\n\n```python\nimport tensorflow as tf\ntf.raw_ops.SparseMatrixNNZ(sparse_matrix=[])\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f856d02e5322821aad155dad9b3acab1e9f5d693](https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T22:03:54.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f","https://nvd.nist.gov/vuln/detail/CVE-2022-41901","https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h","https://github.com/advisories/GHSA-g9fm-r5mm-rf9f"],"source_kind":"github","identifiers":["GHSA-g9fm-r5mm-rf9f","CVE-2022-41901"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.954Z","updated_at":"2026-06-02T03:09:16.298Z","epss_percentage":0.0035,"epss_percentile":0.5755,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nOWZtLXI1bW0tcmY5Zs4AAv_B","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nOWZtLXI1bW0tcmY5Zs4AAv_B","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nOWZtLXI1bW0tcmY5Zs4AAv_B/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14dndwLWg2anYtNzQ3Ms4AAv_A","url":"https://github.com/advisories/GHSA-xvwp-h6jv-7472","title":"FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess","description":"### Impact\nAn input `pooling_ratio` that is smaller than 1 will trigger a heap OOB in [`tf.raw_ops.FractionalMaxPool`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc) and [`tf.raw_ops.FractionalAvgPool`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_avg_pool_op.cc).\n\n### Patches\nWe have patched the issue in GitHub commit [216525144ee7c910296f5b05d214ca1327c9ce48](https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48).\n\nThe fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-11-21T22:03:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472","https://nvd.nist.gov/vuln/detail/CVE-2022-41900","https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48","https://github.com/advisories/GHSA-xvwp-h6jv-7472"],"source_kind":"github","identifiers":["GHSA-xvwp-h6jv-7472","CVE-2022-41900"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.963Z","updated_at":"2026-06-02T03:09:16.299Z","epss_percentage":0.01243,"epss_percentile":0.795,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dndwLWg2anYtNzQ3Ms4AAv_A","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14dndwLWg2anYtNzQ3Ms4AAv_A","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dndwLWg2anYtNzQ3Ms4AAv_A/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yN3JjLTcyOGYteDV3Ms4AAv-_","url":"https://github.com/advisories/GHSA-27rc-728f-x5w2","title":"`CHECK` fail via inputs in `SdcaOptimizer`","description":"### Impact\nInputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in [`SdcaOptimizer`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc).\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.SdcaOptimizer(\n    sparse_example_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],\n    sparse_feature_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],\n    sparse_feature_values=8 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n    dense_features=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n    example_weights=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),\n    example_labels=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),\n    sparse_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],\n    sparse_weights=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n    dense_weights=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n    example_state_data=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),\n    loss_type=\"squared_loss\",\n    l1=0.0,\n    l2=0.0,\n    num_loss_partitions=1,\n    num_inner_iterations=1,\n    adaptative=False,)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [80ff197d03db2a70c6a111f97dcdacad1b0babfa](https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Zizhuang Deng of IIE, UCAS\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T21:54:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2","https://nvd.nist.gov/vuln/detail/CVE-2022-41899","https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc","https://github.com/advisories/GHSA-27rc-728f-x5w2"],"source_kind":"github","identifiers":["GHSA-27rc-728f-x5w2","CVE-2022-41899"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.971Z","updated_at":"2026-06-02T03:09:17.113Z","epss_percentage":0.00187,"epss_percentile":0.40147,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yN3JjLTcyOGYteDV3Ms4AAv-_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yN3JjLTcyOGYteDV3Ms4AAv-_","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3"],"unaffected_versions":["2.8.4","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.9.3","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3"],"unaffected_versions":["2.8.4","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.9.3","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yN3JjLTcyOGYteDV3Ms4AAv-_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ocTdnLXd3d3AtcTQ2aM4AAv--","url":"https://github.com/advisories/GHSA-hq7g-wwwp-q46h","title":"`CHECK` fail via inputs in `SparseFillEmptyRowsGrad`","description":"### Impact\nIf [`SparseFillEmptyRowsGrad`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc) is given empty inputs, TensorFlow will crash.\n\n```python\nimport tensorflow as tf\ntf.raw_ops.SparseFillEmptyRowsGrad(\n    reverse_index_map=[], grad_values=[], name=None\n)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [af4a6a3c8b95022c351edae94560acc61253a1b8](https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jiawei Liu, PhD student at University of Illinois, Urbana-Champaign.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T21:54:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h","https://nvd.nist.gov/vuln/detail/CVE-2022-41898","https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc","https://github.com/advisories/GHSA-hq7g-wwwp-q46h"],"source_kind":"github","identifiers":["GHSA-hq7g-wwwp-q46h","CVE-2022-41898"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.979Z","updated_at":"2026-06-02T03:09:17.114Z","epss_percentage":0.00187,"epss_percentile":0.40147,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocTdnLXd3d3AtcTQ2aM4AAv--","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ocTdnLXd3d3AtcTQ2aM4AAv--","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocTdnLXd3d3AtcTQ2aM4AAv--/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mMnc4LWp3NDgtZnI3as4AAv-9","url":"https://github.com/advisories/GHSA-f2w8-jw48-fr7j","title":"`FractionalMaxPoolGrad` Heap out of bounds read","description":"### Impact\nIf [`FractionMaxPoolGrad`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc) is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash.\n\n```python\nimport tensorflow as tf\ntf.raw_ops.FractionMaxPoolGrad(\n\torig_input = [[[[1, 1, 1, 1, 1]]]],\n    orig_output = [[[[1, 1, 1]]]],\n    out_backprop = [[[[3], [3], [6]]]],\n    row_pooling_sequence = [-0x4000000, 1, 1], \n    col_pooling_sequence = [-0x4000000, 1, 1], \n    overlapping = False\n )\n```\n\n### Patches\nWe have patched the issue in GitHub commit [d71090c3e5ca325bdf4b02eb236cfb3ee823e927](https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Vul AI.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T21:54:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j","https://nvd.nist.gov/vuln/detail/CVE-2022-41897","https://github.com/tensorflow/tensorflow/commit/d71090c3e5ca325bdf4b02eb236cfb3ee823e927","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/fractional_max_pool_op.cc","https://github.com/advisories/GHSA-f2w8-jw48-fr7j"],"source_kind":"github","identifiers":["GHSA-f2w8-jw48-fr7j","CVE-2022-41897"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:49.988Z","updated_at":"2026-06-02T03:09:17.115Z","epss_percentage":0.0015,"epss_percentile":0.3512,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mMnc4LWp3NDgtZnI3as4AAv-9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mMnc4LWp3NDgtZnI3as4AAv-9","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mMnc4LWp3NDgtZnI3as4AAv-9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ybWcyLWY2OTgtd3EzNc4AAv-8","url":"https://github.com/advisories/GHSA-rmg2-f698-wq35","title":"`tf.raw_ops.Mfcc` crashes","description":"### Impact\nIf [`ThreadUnsafeUnigramCandidateSampler`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc) is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash.\n\n```python\nimport tensorflow as tf\ntf.raw_ops.Mfcc(\n    spectrogram = [[[1.38, 6.32, 5.75, 9.51]]],\n    sample_rate = 2,\n    upper_frequency_limit = 5.0,\n    lower_frequency_limit = 1.0,\n    filterbank_channel_count = 2**31 - 1,\n    dct_coefficient_count = 1\n)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [39ec7eaf1428e90c37787e5b3fbd68ebd3c48860](https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Vul AI.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T21:53:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35","https://nvd.nist.gov/vuln/detail/CVE-2022-41896","https://github.com/tensorflow/tensorflow/commit/39ec7eaf1428e90c37787e5b3fbd68ebd3c48860","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc","https://github.com/advisories/GHSA-rmg2-f698-wq35"],"source_kind":"github","identifiers":["GHSA-rmg2-f698-wq35","CVE-2022-41896"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.003Z","updated_at":"2026-06-02T03:09:17.116Z","epss_percentage":0.00187,"epss_percentile":0.40147,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybWcyLWY2OTgtd3EzNc4AAv-8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ybWcyLWY2OTgtd3EzNc4AAv-8","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybWcyLWY2OTgtd3EzNc4AAv-8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ncTJqLWNyOTYtZ3ZxeM4AAv-2","url":"https://github.com/advisories/GHSA-gq2j-cr96-gvqx","title":"`MirrorPadGrad` heap out of bounds read","description":"### Impact\nIf [`MirrorPadGrad`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc) is given outsize input `paddings`, TensorFlow will give a heap OOB error.\n\n```python\nimport tensorflow as tf\ntf.raw_ops.MirrorPadGrad(input=[1],\n             paddings=[[0x77f00000,0xa000000]],\n             mode = 'REFLECT')\n```\n\n### Patches\nWe have patched the issue in GitHub commit [717ca98d8c3bba348ff62281fdf38dcb5ea1ec92](https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Vul AI.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:44:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx","https://nvd.nist.gov/vuln/detail/CVE-2022-41895","https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc","https://github.com/advisories/GHSA-gq2j-cr96-gvqx"],"source_kind":"github","identifiers":["GHSA-gq2j-cr96-gvqx","CVE-2022-41895"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.012Z","updated_at":"2026-06-02T03:09:17.117Z","epss_percentage":0.0015,"epss_percentile":0.3512,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ncTJqLWNyOTYtZ3ZxeM4AAv-2","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ncTJqLWNyOTYtZ3ZxeM4AAv-2","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ncTJqLWNyOTYtZ3ZxeM4AAv-2/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02N3BmLTYyeHItcTM1bc4AAv-0","url":"https://github.com/advisories/GHSA-67pf-62xr-q35m","title":"`CHECK_EQ` fail in `tf.raw_ops.TensorListResize`","description":"### Impact\nIf [`tf.raw_ops.TensorListResize`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc) is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack.\n```python\nimport numpy as np\nimport tensorflow as tf\n\na = data_structures.tf_tensor_list_new(elements = tf.constant(value=[3, 4, 5]))\nb = np.zeros([0, 2, 3, 3])\n\ntf.raw_ops.TensorListResize(input_handle=a, size=b)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [888e34b49009a4e734c27ab0c43b0b5102682c56](https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:42:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m","https://nvd.nist.gov/vuln/detail/CVE-2022-41893","https://github.com/tensorflow/tensorflow/commit/888e34b49009a4e734c27ab0c43b0b5102682c56","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.cc","https://github.com/advisories/GHSA-67pf-62xr-q35m"],"source_kind":"github","identifiers":["GHSA-67pf-62xr-q35m","CVE-2022-41893"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.029Z","updated_at":"2026-06-02T03:09:17.118Z","epss_percentage":0.00195,"epss_percentile":0.41107,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02N3BmLTYyeHItcTM1bc4AAv-0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02N3BmLTYyeHItcTM1bc4AAv-0","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02N3BmLTYyeHItcTM1bc4AAv-0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02NnZxLTU0ZnEtNmp2ds4AAv-z","url":"https://github.com/advisories/GHSA-66vq-54fq-6jvv","title":"Segfault in `tf.raw_ops.TensorListConcat`","description":"### Impact\nIf [`tf.raw_ops.TensorListConcat`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h) is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\ntf.raw_ops.TensorListConcat(\n    input_handle=tf.data.experimental.to_variant(tf.data.Dataset.from_tensor_slices([1, 2, 3])),\n    element_dtype=tf.dtypes.float32,\n    element_shape=[]\n)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [fc33f3dc4c14051a83eec6535b608abe1d355fde](https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Tong Liu, ShanghaiTech University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:42:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv","https://nvd.nist.gov/vuln/detail/CVE-2022-41891","https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h","https://github.com/advisories/GHSA-66vq-54fq-6jvv"],"source_kind":"github","identifiers":["GHSA-66vq-54fq-6jvv","CVE-2022-41891"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.037Z","updated_at":"2026-06-02T03:09:17.118Z","epss_percentage":0.00187,"epss_percentile":0.40147,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NnZxLTU0ZnEtNmp2ds4AAv-z","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02NnZxLTU0ZnEtNmp2ds4AAv-z","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NnZxLTU0ZnEtNmp2ds4AAv-z/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oMjQ2LWNnaDQtNzQ3Nc4AAv-y","url":"https://github.com/advisories/GHSA-h246-cgh4-7475","title":"`CHECK` fail in `BCast` overflow","description":"### Impact\nIf [`BCast::ToShape`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h) is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in [`tf.experimental.numpy.outer`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h) by passing in large input to the input `b`.\n```python\nimport tensorflow as tf\nvalue = tf.constant(shape=[2, 1024, 1024, 1024], value=False)\ntf.experimental.numpy.outer(a=6,b=value)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [8310bf8dd188ff780e7fc53245058215a05bdbe5](https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:42:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475","https://nvd.nist.gov/vuln/detail/CVE-2022-41890","https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h","https://github.com/advisories/GHSA-h246-cgh4-7475"],"source_kind":"github","identifiers":["GHSA-h246-cgh4-7475","CVE-2022-41890"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.046Z","updated_at":"2026-06-02T03:09:17.119Z","epss_percentage":0.00143,"epss_percentile":0.3422,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMjQ2LWNnaDQtNzQ3Nc4AAv-y","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oMjQ2LWNnaDQtNzQ3Nc4AAv-y","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMjQ2LWNnaDQtNzQ3Nc4AAv-y/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14eGNqLXJocWctbTQ2Z84AAv-x","url":"https://github.com/advisories/GHSA-xxcj-rhqg-m46g","title":"Segfault via invalid attributes in `pywrap_tfe_src.cc`","description":"### Impact\nIf a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in [`tf.compat.v1.extract_volume_patches`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc) by passing in quantized tensors as input `ksizes`.\n```python\nimport numpy as np\nimport tensorflow as tf\n\na_input = np.array([1, -1], dtype= np.int32)\na_ksizes =  a_strides = tf.constant(dtype=tf.dtypes.qint16, value=[[1, 4], [5, 2]])\n\n\ntf.compat.v1.extract_volume_patches(input=a_input,ksizes=a_ksizes,strides=a_strides,padding='VALID')\n```\n\n### Patches\nWe have patched the issue in GitHub commit [e9e95553e5411834d215e6770c81a83a3d0866ce](https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:42:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.5,"cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g","https://nvd.nist.gov/vuln/detail/CVE-2022-41889","https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc","https://github.com/advisories/GHSA-xxcj-rhqg-m46g"],"source_kind":"github","identifiers":["GHSA-xxcj-rhqg-m46g","CVE-2022-41889"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.055Z","updated_at":"2026-06-02T03:09:17.120Z","epss_percentage":0.00123,"epss_percentile":0.31039,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14eGNqLXJocWctbTQ2Z84AAv-x","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14eGNqLXJocWctbTQ2Z84AAv-x","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14eGNqLXJocWctbTQ2Z84AAv-x/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02eDk5LWd2MnYtcTc2ds4AAv-w","url":"https://github.com/advisories/GHSA-6x99-gv2v-q76v","title":"FPE in `tf.image.generate_bounding_box_proposals`","description":"### Impact\nWhen running on GPU, [`tf.image.generate_bounding_box_proposals`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc) receives a `scores` input that must be of rank 4 but is not checked.\n```python\nimport tensorflow as tf\n\na = tf.constant(value=[[1.0, 1.0], [1.0, 1.0], [1.0, 1.0], [1.0, 1.0]])\nb = tf.constant(value=[1])\n\ntf.image.generate_bounding_box_proposals(scores=a,bbox_deltas=a,image_info=a,anchors=a,pre_nms_topn=b)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [cf35502463a88ca7185a99daa7031df60b3c1c98](https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:41:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v","https://nvd.nist.gov/vuln/detail/CVE-2022-41888","https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc","https://github.com/advisories/GHSA-6x99-gv2v-q76v"],"source_kind":"github","identifiers":["GHSA-6x99-gv2v-q76v","CVE-2022-41888"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.064Z","updated_at":"2026-06-02T03:09:17.120Z","epss_percentage":0.0024,"epss_percentile":0.47296,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eDk5LWd2MnYtcTc2ds4AAv-w","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02eDk5LWd2MnYtcTc2ds4AAv-w","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eDk5LWd2MnYtcTc2ds4AAv-w/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04ZnZ2LTQ2aHctdnBnM84AAv-v","url":"https://github.com/advisories/GHSA-8fvv-46hw-vpg3","title":"Overflow in `tf.keras.losses.poisson`","description":"### Impact\n[`tf.keras.losses.poisson`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py) receives a `y_pred` and `y_true` that are passed through `functor::mul` in [`BinaryOp`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h). If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment.\n```python\nimport numpy as np\nimport tensorflow as tf\n\ntrue_value = tf.reshape(shape=[1, 2500000000], tensor = tf.zeros(dtype=tf.bool, shape=[50000, 50000]))\npred_value = np.array([[[-2]], [[8]]], dtype = np.float64)\n\ntf.keras.losses.poisson(y_true=true_value,y_pred=pred_value)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c](https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattankul.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:41:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fvv-46hw-vpg3","https://nvd.nist.gov/vuln/detail/CVE-2022-41887","https://github.com/tensorflow/tensorflow/commit/c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/cwise_ops_common.h","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/keras/losses.py","https://github.com/advisories/GHSA-8fvv-46hw-vpg3"],"source_kind":"github","identifiers":["GHSA-8fvv-46hw-vpg3","CVE-2022-41887"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.072Z","updated_at":"2026-06-02T03:09:17.121Z","epss_percentage":0.00142,"epss_percentile":0.33875,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ZnZ2LTQ2aHctdnBnM84AAv-v","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04ZnZ2LTQ2aHctdnBnM84AAv-v","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003c 2.9.3"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.8.4","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003c 2.9.3"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.8.4","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003c 2.9.3"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.8.4","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ZnZ2LTQ2aHctdnBnM84AAv-v/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03NjJoLXZwdnctM3JjeM4AAv-t","url":"https://github.com/advisories/GHSA-762h-vpvw-3rcx","title":"Overflow in `FusedResizeAndPadConv2D`","description":"### Impact\nWhen [`tf.raw_ops.FusedResizeAndPadConv2D`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc) is given a large tensor shape, it overflows.\n```python\nimport tensorflow as tf\n\nmode = \"REFLECT\"\nstrides = [1, 1, 1, 1]\npadding = \"SAME\"\nresize_align_corners = False\ninput = tf.constant(147, shape=[3,3,1,1], dtype=tf.float16)\nsize = tf.constant([1879048192,1879048192], shape=[2], dtype=tf.int32)\npaddings = tf.constant([3,4], shape=[2], dtype=tf.int32)\nfilter = tf.constant(123, shape=[1,3,4,1], dtype=tf.float16)\ntf.raw_ops.FusedResizeAndPadConv2D(input=input, size=size, paddings=paddings, filter=filter, mode=mode, strides=strides, padding=padding, resize_align_corners=resize_align_corners)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [d66e1d568275e6a2947de97dca7a102a211e01ce](https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou from the Secure Systems Lab (SSL) at Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:40:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx","https://nvd.nist.gov/vuln/detail/CVE-2022-41885","https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc","https://github.com/advisories/GHSA-762h-vpvw-3rcx"],"source_kind":"github","identifiers":["GHSA-762h-vpvw-3rcx","CVE-2022-41885"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.088Z","updated_at":"2026-06-02T03:09:18.082Z","epss_percentage":0.00168,"epss_percentile":0.37595,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NjJoLXZwdnctM3JjeM4AAv-t","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03NjJoLXZwdnctM3JjeM4AAv-t","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.4","vulnerable_version_range":"\u003c 2.7.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.8.0","2.8.0rc0","2.8.0rc1","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2"],"unaffected_versions":["2.7.4","2.8.1","2.8.2","2.8.3","2.8.4","2.9.1","2.9.2","2.9.3","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.4","vulnerable_version_range":"\u003c 2.7.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.8.0","2.8.0rc0","2.8.0rc1","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2"],"unaffected_versions":["2.7.4","2.8.1","2.8.2","2.8.3","2.8.4","2.9.1","2.9.2","2.9.3","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.4","vulnerable_version_range":"\u003c 2.7.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.8.0","2.8.0rc0","2.8.0rc1","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2"],"unaffected_versions":["2.7.4","2.8.1","2.8.2","2.8.3","2.8.4","2.9.1","2.9.2","2.9.3","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NjJoLXZwdnctM3JjeM4AAv-t/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s","url":"https://github.com/advisories/GHSA-jq6x-99hj-q636","title":"Seg fault in `ndarray_tensor_bridge` due to zero and large inputs","description":"### Impact\nIf a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error:\n```python\nnp.ones((0, 2**31, 2**31))\n```\nAn example of a proof of concept:\n```python\nimport numpy as np\nimport tensorflow as tf\n\ninput_val = tf.constant([1])\nshape_val = np.array([i for i in range(21)])\n\ntf.broadcast_to(input=input_val,shape=shape_val)\n```\nThe return value of `PyArray_SimpleNewFromData`, which returns null on such shapes, is not checked.\n\n### Patches\nWe have patched the issue in GitHub commit [2b56169c16e375c521a3bc8ea658811cc0793784](https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Pattarakrit Rattanukul.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:39:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636","https://nvd.nist.gov/vuln/detail/CVE-2022-41884","https://github.com/tensorflow/tensorflow/commit/2b56169c16e375c521a3bc8ea658811cc0793784","https://github.com/advisories/GHSA-jq6x-99hj-q636"],"source_kind":"github","identifiers":["GHSA-jq6x-99hj-q636","CVE-2022-41884"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.097Z","updated_at":"2026-06-02T03:09:18.083Z","epss_percentage":0.00133,"epss_percentile":0.32485,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-gpu","statistics":{"dependent_packages_count":155,"dependent_repos_count":11499,"downloads":37563,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.12.0"]},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow-cpu","statistics":{"dependent_packages_count":88,"dependent_repos_count":2483,"downloads":1488652,"downloads_period":"last-month"},"affected_versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0","2.21.0rc0","2.21.0rc1"]},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"},{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.8.4","vulnerable_version_range":"\u003c 2.8.4"}],"purl":"pkg:pypi/tensorflow","statistics":{"dependent_packages_count":2172,"dependent_repos_count":73755,"downloads":21880506,"downloads_period":"last-month"},"affected_versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.9.0","1.10.0","1.10.1","1.11.0","1.12.0","1.12.2","1.12.3","1.13.1","1.13.2","1.14.0","1.15.0","1.15.2","1.15.3","1.15.4","1.15.5","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.0rc4","2.2.1","2.2.2","2.2.3","2.3.0","2.3.0rc0","2.3.0rc1","2.3.0rc2","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.0rc3","2.4.0rc4","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.0rc0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.0rc1","2.6.0rc2","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.0rc0","2.7.0rc1","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.0rc0","2.8.0rc1","2.8.1","2.8.2","2.8.3","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3"],"unaffected_versions":["2.8.4","2.9.3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.11.1","2.12.0","2.12.0rc0","2.12.0rc1","2.12.1","2.13.0","2.13.0rc0","2.13.0rc1","2.13.0rc2","2.13.1","2.14.0","2.14.0rc0","2.14.0rc1","2.14.1","2.15.0","2.15.0.post1","2.15.0rc0","2.15.0rc1","2.15.1","2.16.0rc0","2.16.1","2.16.2","2.17.0","2.17.0rc0","2.17.0rc1","2.17.1","2.18.0","2.18.0rc0","2.18.0rc1","2.18.0rc2","2.18.1","2.19.0","2.19.0.dev20250125","2.19.0rc0","2.19.1","2.20.0","2.20.0rc0","2.21.0rc0"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13NTh3LTc5eHYtNnZjas4AAv-r","url":"https://github.com/advisories/GHSA-w58w-79xv-6vcj","title":"Out of bounds segmentation fault due to unequal op inputs in Tensorflow","description":"### Impact\n [`tf.raw_ops.DynamicStitch`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc) specifies input sizes when it is [registered](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc). \n```cpp\nREGISTER_OP(\"DynamicStitch\")\n    .Input(\"indices: N * int32\")\n    .Input(\"data: N * T\")\n    .Output(\"merged: T\")\n    .Attr(\"N : int \u003e= 1\")\n    .Attr(\"T : type\")\n    .SetShapeFn(DynamicStitchShapeFunction);\n```\nWhen it receives a differing number of inputs, such as when it is called with an `indices` size 1 and a `data` size 2, it will crash.\n```python\nimport tensorflow as tf\n\n# indices = 1*[tf.random.uniform([1,2], dtype=tf.dtypes.int32, maxval=100)]\nindices = [tf.constant([[0, 1]]),]\n\n# data = 2*[tf.random.uniform([1,2], dtype=tf.dtypes.float32, maxval=100)]\ndata = [tf.constant([[5, 6]]), tf.constant([[7, 8]])]\n\ntf.raw_ops.DynamicStitch(\n    indices=indices, \n    data=data)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f5381e0e10b5a61344109c1b7c174c68110f7629](https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 as this is also affected.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Zizhuang Deng of IIE, UCAS\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-11-21T20:39:20.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w58w-79xv-6vcj","https://nvd.nist.gov/vuln/detail/CVE-2022-41883","https://github.com/tensorflow/tensorflow/commit/f5381e0e10b5a61344109c1b7c174c68110f7629","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/dynamic_stitch_op.cc","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/data_flow_ops.cc","https://github.com/advisories/GHSA-w58w-79xv-6vcj"],"source_kind":"github","identifiers":["GHSA-w58w-79xv-6vcj","CVE-2022-41883"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.105Z","updated_at":"2026-05-19T22:10:33.598Z","epss_percentage":0.00183,"epss_percentile":0.39677,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NTh3LTc5eHYtNnZjas4AAv-r","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13NTh3LTc5eHYtNnZjas4AAv-r","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"= 2.10.0"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"= 2.10.0"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.10.1","vulnerable_version_range":"= 2.10.0"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NTh3LTc5eHYtNnZjas4AAv-r/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05amp3LWhmNzItM214d84AAvMC","url":"https://github.com/advisories/GHSA-9jjw-hf72-3mxw","title":"TensorFlow vulnerable to heap out of bounds read in filesystem glob matching","description":"### Impact\nThe general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of [the array holding the directories](https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L127):\n\n```cc\nif (!fs-\u003eMatch(child_path, dirs[dir_index])) { ... }\n```\n\nSince `dir_index` is [unconditionaly incremented](https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L106) outside of the lambda function where the vulnerable pattern occurs, this results in an access out of bounds issue under certain scenarios. For example, if `/tmp/x` is a directory that only contains a single file `y`, then the following scenario will cause a crash due to the out of bounds read:\n\n```python\n\u003e\u003e\u003e tf.io.gfile.glob('/tmp/x/')\nSegmentation fault\n```\n\nThere are multiple invariants and preconditions that are assumed by the parallel implementation of `GetMatchingPaths` but are not verified by the PRs introducing it ([#40861](https://github.com/tensorflow/tensorflow/pull/40861) and [#44310](https://github.com/tensorflow/tensorflow/pull/44310)). Thus, we are completely rewriting the implementation to fully specify and validate these.\n\n### Patches\nWe have patched the issue in GitHub commit [8b5b9dc96666a3a5d27fad7179ff215e3b74b67c](https://github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c) and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.\n\nThis issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-10-07T07:22:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw","https://nvd.nist.gov/vuln/detail/CVE-2020-26269","https://github.com/tensorflow/tensorflow/pull/40861","https://github.com/tensorflow/tensorflow/pull/44310","https://github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c","https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L106","https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L127","https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-300.yaml","https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-335.yaml","https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-141.yaml","https://github.com/advisories/GHSA-9jjw-hf72-3mxw"],"source_kind":"github","identifiers":["GHSA-9jjw-hf72-3mxw","CVE-2020-26269"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":35.04809856489007,"created_at":"2022-12-21T16:11:55.859Z","updated_at":"2026-05-28T19:09:12.146Z","epss_percentage":0.0014,"epss_percentile":0.34474,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05amp3LWhmNzItM214d84AAvMC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05amp3LWhmNzItM214d84AAvMC","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.4.0","vulnerable_version_range":"\u003e= 2.4.0rc0, \u003c 2.4.0"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.4.0","vulnerable_version_range":"\u003e= 2.4.0rc0, \u003c 2.4.0"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.4.0","vulnerable_version_range":"\u003e= 2.4.0rc0, \u003c 2.4.0"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05amp3LWhmNzItM214d84AAvMC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tNnZwLThxOWotd2h4NM4AAu27","url":"https://github.com/advisories/GHSA-m6vp-8q9j-whx4","title":"TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`","description":"### Impact\nIf `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nfilename = tf.constant(\"\")\ntensor_names = tf.constant(\"\")\n# Save\ndata = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=-2021), tf.uint64)\ntf.raw_ops.Save(filename=filename, tensor_names=tensor_names, data=data, )\n# SaveSlices\nshapes_and_slices = tf.constant(\"\")\ndata = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=9712), tf.uint32)\ntf.raw_ops.SaveSlices(filename=filename, tensor_names=tensor_names, shapes_and_slices=shapes_and_slices, data=data, )\n```\n\n### Patches\nWe have patched the issue in GitHub commit [5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4](https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:31:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4","https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35983","https://github.com/advisories/GHSA-m6vp-8q9j-whx4"],"source_kind":"github","identifiers":["GHSA-m6vp-8q9j-whx4","CVE-2022-35983"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.865Z","updated_at":"2026-06-02T03:09:29.000Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNnZwLThxOWotd2h4NM4AAu27","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tNnZwLThxOWotd2h4NM4AAu27","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNnZwLThxOWotd2h4NM4AAu27/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wMnhmLThoZ20taHB3Nc4AAu26","url":"https://github.com/advisories/GHSA-p2xf-8hgm-hpw5","title":"TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`","description":"### Impact\n`ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nseed = 1618\nseed2 = 0\nshape = tf.random.uniform(shape=[3], minval=-10000, maxval=10000, dtype=tf.int64, seed=4894)\nmeans = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)\nstdevs = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)\nminvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)\nmaxvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971)\ntf.raw_ops.ParameterizedTruncatedNormal(shape=shape, means=means, stdevs=stdevs, minvals=minvals, maxvals=maxvals, seed=seed, seed2=seed2)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [72180be03447a10810edca700cbc9af690dfeb51](https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:30:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5","https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35984","https://github.com/advisories/GHSA-p2xf-8hgm-hpw5"],"source_kind":"github","identifiers":["GHSA-p2xf-8hgm-hpw5","CVE-2022-35984"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.881Z","updated_at":"2026-06-02T03:09:29.000Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMnhmLThoZ20taHB3Nc4AAu26","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wMnhmLThoZ20taHB3Nc4AAu26","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMnhmLThoZ20taHB3Nc4AAu26/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05OTQyLXIyMnYtNzhjcM4AAu25","url":"https://github.com/advisories/GHSA-9942-r22v-78cp","title":"TensorFlow vulnerable to `CHECK` fail in `LRNGrad`","description":"### Impact\nIf `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\ndepth_radius = 1\nbias = 1.59018219\nalpha = 0.117728651\nbeta = 0.404427052\ninput_grads = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033)\ninput_image = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033)\noutput_image = tf.random.uniform(shape=[4, 4, 4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033)\ntf.raw_ops.LRNGrad(input_grads=input_grads, input_image=input_image, output_image=output_image, depth_radius=depth_radius, bias=bias, alpha=alpha, beta=beta)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bd90b3efab4ec958b228cd7cfe9125be1c0cf255](https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:29:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp","https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35985","https://github.com/advisories/GHSA-9942-r22v-78cp"],"source_kind":"github","identifiers":["GHSA-9942-r22v-78cp","CVE-2022-35985"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.889Z","updated_at":"2026-06-02T03:09:29.001Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OTQyLXIyMnYtNzhjcM4AAu25","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05OTQyLXIyMnYtNzhjcM4AAu25","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OTQyLXIyMnYtNzhjcM4AAu25/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05dnFqLTY0cHYtdzU1Y84AAu23","url":"https://github.com/advisories/GHSA-9vqj-64pv-w55c","title":"TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`","description":"### Impact\nWhen `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\na = tf.constant([], shape=[0, 1, 1], dtype=tf.float32)\ntf.linalg.matrix_rank(a=a)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a](https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:28:41.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c","https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35988","https://github.com/advisories/GHSA-9vqj-64pv-w55c"],"source_kind":"github","identifiers":["GHSA-9vqj-64pv-w55c","CVE-2022-35988"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.906Z","updated_at":"2026-06-02T03:09:29.002Z","epss_percentage":0.00074,"epss_percentile":0.22107,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05dnFqLTY0cHYtdzU1Y84AAu23","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05dnFqLTY0cHYtdzU1Y84AAu23","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05dnFqLTY0cHYtdzU1Y84AAu23/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qNDNoLXBnbWctNWhqcc4AAu22","url":"https://github.com/advisories/GHSA-j43h-pgmg-5hjq","title":" TensorFlow vulnerable to `CHECK` fail in `MaxPool`","description":"### Impact\nWhen `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np\n\ninput = np.ones([1, 1, 1, 1])\nksize = [1, 1, 2, 2]\nstrides = [1, 1, 1, 1]\npadding = 'VALID'\ndata_format = 'NCHW'\n\ntf.raw_ops.MaxPool(input=input, ksize=ksize, strides=strides, padding=padding, data_format=data_format)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [32d7bd3defd134f21a4e344c8dfd40099aaf6b18](https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jingyi Shi.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:28:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq","https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35989","https://github.com/advisories/GHSA-j43h-pgmg-5hjq"],"source_kind":"github","identifiers":["GHSA-j43h-pgmg-5hjq","CVE-2022-35989"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.914Z","updated_at":"2026-06-02T03:09:29.003Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNDNoLXBnbWctNWhqcc4AAu22","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qNDNoLXBnbWctNWhqcc4AAu22","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNDNoLXBnbWctNWhqcc4AAu22/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zOTdjLTVnMmotcXhwds4AAu21","url":"https://github.com/advisories/GHSA-397c-5g2j-qxpv","title":"TensorFlow vulnerable to segfault in `SparseBincount`","description":"### Impact\nIf `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nbinary_output = True\nindices = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int64, seed=-1288)\nvalues = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-9366)\ndense_shape = tf.random.uniform(shape=[0], minval=-10000, maxval=10000, dtype=tf.int64, seed=-9878)\nsize = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)\nweights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)\ntf.raw_ops.SparseBincount(indices=indices, values=values, dense_shape=dense_shape, size=size, weights=weights, binary_output=binary_output)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [40adbe4dd15b582b0210dfbf40c243a62f5119fa](https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:27:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv","https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35982","https://github.com/advisories/GHSA-397c-5g2j-qxpv"],"source_kind":"github","identifiers":["GHSA-397c-5g2j-qxpv","CVE-2022-35982"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.923Z","updated_at":"2026-06-02T03:09:29.003Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zOTdjLTVnMmotcXhwds4AAu21","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zOTdjLTVnMmotcXhwds4AAu21","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zOTdjLTVnMmotcXhwds4AAu21/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12eHY4LXI4cTItNjN4d84AAu20","url":"https://github.com/advisories/GHSA-vxv8-r8q2-63xw","title":"TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`","description":"### Impact\n`FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack:\n```python\nimport tensorflow as tf\n\noverlapping = True\norig_input = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)\norig_output = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)\nout_backprop = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)\nrow_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)\ncol_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)\ntf.raw_ops.FractionalMaxPoolGrad(orig_input=orig_input, orig_output=orig_output, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [8741e57d163a079db05a7107a7609af70931def4](https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:26:57.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw","https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35981","https://github.com/advisories/GHSA-vxv8-r8q2-63xw"],"source_kind":"github","identifiers":["GHSA-vxv8-r8q2-63xw","CVE-2022-35981"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.931Z","updated_at":"2026-06-02T03:09:29.004Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12eHY4LXI4cTItNjN4d84AAu20","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12eHY4LXI4cTItNjN4d84AAu20","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12eHY4LXI4cTItNjN4d84AAu20/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12N3Z3LTU3N2YtdnA4eM4AAu2z","url":"https://github.com/advisories/GHSA-v7vw-577f-vp8x","title":"TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`","description":"### Impact\nIf `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nout_type = tf.quint8\nfeatures = tf.constant(28, shape=[4,2], dtype=tf.quint8)\nmin_features = tf.constant([], shape=[0], dtype=tf.float32)\nmax_features = tf.constant(-128, shape=[1], dtype=tf.float32)\ntf.raw_ops.QuantizedRelu(features=features, min_features=min_features, max_features=max_features, out_type=out_type)\ntf.raw_ops.QuantizedRelu6(features=features, min_features=min_features, max_features=max_features, out_type=out_type)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [49b3824d83af706df0ad07e4e677d88659756d89](https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:26:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x","https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35979","https://github.com/advisories/GHSA-v7vw-577f-vp8x"],"source_kind":"github","identifiers":["GHSA-v7vw-577f-vp8x","CVE-2022-35979"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.940Z","updated_at":"2026-06-02T03:09:29.005Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12N3Z3LTU3N2YtdnA4eM4AAu2z","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12N3Z3LTU3N2YtdnA4eM4AAu2z","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12N3Z3LTU3N2YtdnA4eM4AAu2z/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12Z3ZoLTJwZjQtanIyeM4AAu2y","url":"https://github.com/advisories/GHSA-vgvh-2pf4-jr2x","title":"TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange`","description":"### Impact\nIf `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nout_type = tf.quint8\ninput = tf.constant([1], shape=[3], dtype=tf.qint32)\ninput_min = tf.constant([], shape=[0], dtype=tf.float32)\ninput_max = tf.constant(-256, shape=[1], dtype=tf.float32)\ntf.raw_ops.QuantizeDownAndShrinkRange(input=input, input_min=input_min, input_max=input_max, out_type=out_type)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [73ad1815ebcfeb7c051f9c2f7ab5024380ca8613](https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:23:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x","https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35974","https://github.com/advisories/GHSA-vgvh-2pf4-jr2x"],"source_kind":"github","identifiers":["GHSA-vgvh-2pf4-jr2x","CVE-2022-35974"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.948Z","updated_at":"2026-06-02T03:09:29.005Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Z3ZoLTJwZjQtanIyeM4AAu2y","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12Z3ZoLTJwZjQtanIyeM4AAu2y","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Z3ZoLTJwZjQtanIyeM4AAu2y/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02ODljLXI3aDItZnY5ds4AAu2x","url":"https://github.com/advisories/GHSA-689c-r7h2-fv9v","title":"TensorFlow vulnerable to segfault in `QuantizedMatMul`","description":"### Impact\nIf `QuantizedMatMul` is given nonscalar input for:\n - `min_a`\n - `max_a`\n - `min_b`\n - `max_b`\nIt gives a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nToutput = tf.qint32\ntranspose_a = False\ntranspose_b = False\nTactivation = tf.quint8\na = tf.constant(7, shape=[3,4], dtype=tf.quint8)\nb = tf.constant(1, shape=[2,3], dtype=tf.quint8)\nmin_a = tf.constant([], shape=[0], dtype=tf.float32)\nmax_a = tf.constant(0, shape=[1], dtype=tf.float32)\nmin_b = tf.constant(0, shape=[1], dtype=tf.float32)\nmax_b = tf.constant(0, shape=[1], dtype=tf.float32)\ntf.raw_ops.QuantizedMatMul(a=a, b=b, min_a=min_a, max_a=max_a, min_b=min_b, max_b=max_b, Toutput=Toutput, transpose_a=transpose_a, transpose_b=transpose_b, Tactivation=Tactivation)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [aca766ac7693bf29ed0df55ad6bfcc78f35e7f48](https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:22:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v","https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35973","https://github.com/advisories/GHSA-689c-r7h2-fv9v"],"source_kind":"github","identifiers":["GHSA-689c-r7h2-fv9v","CVE-2022-35973"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.957Z","updated_at":"2026-06-02T03:09:29.006Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02ODljLXI3aDItZnY5ds4AAu2x","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02ODljLXI3aDItZnY5ds4AAu2x","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02ODljLXI3aDItZnY5ds4AAu2x/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05ZnBnLTgzOHYtd3B2N84AAu2v","url":"https://github.com/advisories/GHSA-9fpg-838v-wpv7","title":" TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`","description":"### Impact\nIf `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nnum_bits = 8\nnarrow_range = False\ninputs = tf.constant(0, shape=[2,3], dtype=tf.float32)\nmin = tf.constant(0, shape=[2,3], dtype=tf.float32)\nmax = tf.constant(0, shape=[2,3], dtype=tf.float32)\ntf.raw_ops.FakeQuantWithMinMaxVars(inputs=inputs, min=min, max=max, num_bits=num_bits, narrow_range=narrow_range)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n - Neophytos Christou, Secure Systems Labs, Brown University.\n - 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:20:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7","https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35971","https://github.com/advisories/GHSA-9fpg-838v-wpv7"],"source_kind":"github","identifiers":["GHSA-9fpg-838v-wpv7","CVE-2022-35971"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.975Z","updated_at":"2026-06-02T03:09:29.712Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ZnBnLTgzOHYtd3B2N84AAu2v","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05ZnBnLTgzOHYtd3B2N84AAu2v","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"},{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ZnBnLTgzOHYtd3B2N84AAu2v/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nMzVyLTM2OXctM2ZxcM4AAu2u","url":"https://github.com/advisories/GHSA-g35r-369w-3fqp","title":"TensorFlow vulnerable to segfault in `QuantizedInstanceNorm`","description":"### Impact\nIf `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\noutput_range_given = False\ngiven_y_min = 0\ngiven_y_max = 0\nvariance_epsilon = 1e-05\nmin_separation = 0.001\nx = tf.constant(88, shape=[1,4,4,32], dtype=tf.quint8)\nx_min = tf.constant([], shape=[0], dtype=tf.float32)\nx_max = tf.constant(0, shape=[], dtype=tf.float32)\ntf.raw_ops.QuantizedInstanceNorm(x=x, x_min=x_min, x_max=x_max, output_range_given=output_range_given, given_y_min=given_y_min, given_y_max=given_y_max, variance_epsilon=variance_epsilon, min_separation=min_separation)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:17:57.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp","https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35970","https://github.com/advisories/GHSA-g35r-369w-3fqp"],"source_kind":"github","identifiers":["GHSA-g35r-369w-3fqp","CVE-2022-35970"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.984Z","updated_at":"2026-06-02T03:09:29.713Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMzVyLTM2OXctM2ZxcM4AAu2u","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nMzVyLTM2OXctM2ZxcM4AAu2u","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMzVyLTM2OXctM2ZxcM4AAu2u/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xMmMzLWpwbWMtZ2ZqeM4AAu2t","url":"https://github.com/advisories/GHSA-q2c3-jpmc-gfjx","title":"TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`","description":"### Impact\nThe implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack:\n```python\nimport tensorflow as tf\n\nstrides = [1, 1, 1, 1]\npadding = \"SAME\"\nuse_cudnn_on_gpu = True\nexplicit_paddings = []\ndata_format = \"NHWC\"\ndilations = [1, 1, 1, 1]\ninput_sizes = tf.constant([65534,65534], shape=[2], dtype=tf.int32)\nfilter = tf.constant(0.159749106, shape=[3,3,2,2], dtype=tf.float32)\nout_backprop = tf.constant(0, shape=[], dtype=tf.float32)\ntf.raw_ops.Conv2DBackpropInput(input_sizes=input_sizes, filter=filter, out_backprop=out_backprop, strides=strides, padding=padding, use_cudnn_on_gpu=use_cudnn_on_gpu, explicit_paddings=explicit_paddings, data_format=data_format, dilations=dilations)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [50156d547b9a1da0144d7babe665cf690305b33c](https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:17:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx","https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35969","https://github.com/advisories/GHSA-q2c3-jpmc-gfjx"],"source_kind":"github","identifiers":["GHSA-q2c3-jpmc-gfjx","CVE-2022-35969"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:57.994Z","updated_at":"2026-06-02T03:09:29.713Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMmMzLWpwbWMtZ2ZqeM4AAu2t","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xMmMzLWpwbWMtZ2ZqeM4AAu2t","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMmMzLWpwbWMtZ2ZqeM4AAu2t/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s","url":"https://github.com/advisories/GHSA-2475-53vw-vp25","title":"TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`","description":"### Impact\nThe implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack:\n```python\nimport tensorflow as tf\n\nksize = [1, 2, 2, 1]\nstrides = [1, 2, 2, 1]\npadding = \"VALID\"\ndata_format = \"NHWC\"\norig_input_shape = tf.constant(-536870912, shape=[4], dtype=tf.int32)\ngrad = tf.constant(.0890338004362538, shape=[1,5,7,1], dtype=tf.float64)\ntf.raw_ops.AvgPoolGrad(orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding, data_format=data_format)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [3a6ac52664c6c095aa2b114e742b0aa17fdce78f](https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:16:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25","https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35968","https://github.com/advisories/GHSA-2475-53vw-vp25"],"source_kind":"github","identifiers":["GHSA-2475-53vw-vp25","CVE-2022-35968"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.003Z","updated_at":"2026-06-02T03:09:29.714Z","epss_percentage":0.0007,"epss_percentile":0.2158,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NmgzLTM0OGctNmg1eM4AAu2r","url":"https://github.com/advisories/GHSA-v6h3-348g-6h5x","title":"TensorFlow vulnerable to segfault in `QuantizedAdd`","description":"### Impact\nIf `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nToutput = tf.qint32\nx = tf.constant(140, shape=[1], dtype=tf.quint8)\ny = tf.constant(26, shape=[10], dtype=tf.quint8)\nmin_x = tf.constant([], shape=[0], dtype=tf.float32)\nmax_x = tf.constant(0, shape=[], dtype=tf.float32)\nmin_y = tf.constant(0, shape=[], dtype=tf.float32)\nmax_y = tf.constant(0, shape=[], dtype=tf.float32)\ntf.raw_ops.QuantizedAdd(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y, Toutput=Toutput)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [49b3824d83af706df0ad07e4e677d88659756d89](https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:16:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x","https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35967","https://github.com/advisories/GHSA-v6h3-348g-6h5x"],"source_kind":"github","identifiers":["GHSA-v6h3-348g-6h5x","CVE-2022-35967"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.016Z","updated_at":"2026-06-02T03:09:29.715Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmgzLTM0OGctNmg1eM4AAu2r","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NmgzLTM0OGctNmg1eM4AAu2r","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmgzLTM0OGctNmg1eM4AAu2r/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00dzY4LTR4ODUtbWpqOc4AAu2q","url":"https://github.com/advisories/GHSA-4w68-4x85-mjj9","title":"TensorFlow vulnerable to segfault in `QuantizedAvgPool`","description":"### Impact\nIf `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nksize = [1, 2, 2, 1]\nstrides = [1, 2, 2, 1]\npadding = \"SAME\"\ninput = tf.constant(1, shape=[1,4,4,2], dtype=tf.quint8)\nmin_input = tf.constant([], shape=[0], dtype=tf.float32)\nmax_input = tf.constant(0, shape=[1], dtype=tf.float32)\ntf.raw_ops.QuantizedAvgPool(input=input, min_input=min_input, max_input=max_input, ksize=ksize, strides=strides, padding=padding)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [7cdf9d4d2083b739ec81cfdace546b0c99f50622](https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:15:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9","https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35966","https://github.com/advisories/GHSA-4w68-4x85-mjj9"],"source_kind":"github","identifiers":["GHSA-4w68-4x85-mjj9","CVE-2022-35966"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.032Z","updated_at":"2026-06-02T03:09:29.716Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00dzY4LTR4ODUtbWpqOc4AAu2q","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00dzY4LTR4ODUtbWpqOc4AAu2q","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00dzY4LTR4ODUtbWpqOc4AAu2q/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oN2ZmLWNmYzktd21taM4AAu2p","url":"https://github.com/advisories/GHSA-h7ff-cfc9-wmmh","title":" TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`","description":"### Impact\nWhen `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_2=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_3=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_4=8\narg_5=False\narg_6=None\ntf.quantization.fake_quant_with_min_max_vars_per_channel_gradient(gradients=arg_0, \n            inputs=arg_1, min=arg_2,  max=arg_3, num_bits=arg_4, \n            narrow_range=arg_5, name=arg_6)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \n - 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n - Neophytos Christou, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:15:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh","https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35990","https://github.com/advisories/GHSA-h7ff-cfc9-wmmh"],"source_kind":"github","identifiers":["GHSA-h7ff-cfc9-wmmh","CVE-2022-35990"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.042Z","updated_at":"2026-06-02T03:09:29.716Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oN2ZmLWNmYzktd21taM4AAu2p","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oN2ZmLWNmYzktd21taM4AAu2p","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oN2ZmLWNmYzktd21taM4AAu2p/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12bTd4LTRxaGotcnJjcc4AAu2o","url":"https://github.com/advisories/GHSA-vm7x-4qhj-rrcq","title":"TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`","description":"### Impact\nWhen `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=''\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bb03fdf4aae944ab2e4b35c7daa051068a8b7f61](https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:15:05.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq","https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35991","https://github.com/advisories/GHSA-vm7x-4qhj-rrcq"],"source_kind":"github","identifiers":["GHSA-vm7x-4qhj-rrcq","CVE-2022-35991"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.051Z","updated_at":"2026-06-02T03:09:29.717Z","epss_percentage":0.00146,"epss_percentile":0.34523,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12bTd4LTRxaGotcnJjcc4AAu2o","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12bTd4LTRxaGotcnJjcc4AAu2o","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12bTd4LTRxaGotcnJjcc4AAu2o/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xeHB4LWozOTUtcHczNs4AAu2n","url":"https://github.com/advisories/GHSA-qxpx-j395-pw36","title":"TensorFlow vulnerable to segfault in `LowerBound` and `UpperBound`","description":"### Impact\nIf `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nout_type = tf.int32\nsorted_inputs = tf.constant([], shape=[10,0], dtype=tf.float32)\nvalues = tf.constant([], shape=[10,10,0,10,0], dtype=tf.float32)\ntf.raw_ops.LowerBound(sorted_inputs=sorted_inputs, values=values, out_type=out_type)\n```\n```python\nimport tensorflow as tf\n\nout_type = tf.int64\nsorted_inputs = tf.constant([], shape=[2,2,0,0,0,0,0,2], dtype=tf.float32)\nvalues = tf.constant(0.372660398, shape=[2,4], dtype=tf.float32)\ntf.raw_ops.UpperBound(sorted_inputs=sorted_inputs, values=values, out_type=out_type)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bce3717eaef4f769019fd18e990464ca4a2efeea](https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:14:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36","https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35965","https://github.com/advisories/GHSA-qxpx-j395-pw36"],"source_kind":"github","identifiers":["GHSA-qxpx-j395-pw36","CVE-2022-35965"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.060Z","updated_at":"2026-06-02T03:09:29.717Z","epss_percentage":0.00075,"epss_percentile":0.22594,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xeHB4LWozOTUtcHczNs4AAu2n","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xeHB4LWozOTUtcHczNs4AAu2n","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xeHB4LWozOTUtcHczNs4AAu2n/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05djh3LXhtcjQtd2d4cM4AAu2m","url":"https://github.com/advisories/GHSA-9v8w-xmr4-wgxp","title":"TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`","description":"### Impact\nWhen `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None)\narg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=65536)\narg_2=''\ntf.raw_ops.TensorListFromTensor(tensor=arg_0, element_shape=arg_1, name=arg_2)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [3db59a042a38f4338aa207922fa2f476e000a6ee](https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:14:20.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp","https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35992","https://github.com/advisories/GHSA-9v8w-xmr4-wgxp"],"source_kind":"github","identifiers":["GHSA-9v8w-xmr4-wgxp","CVE-2022-35992"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.068Z","updated_at":"2026-06-02T03:09:29.718Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05djh3LXhtcjQtd2d4cM4AAu2m","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05djh3LXhtcjQtd2d4cM4AAu2m","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05djh3LXhtcjQtd2d4cM4AAu2m/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mN3I1LXE3Y3gtaDY2OM4AAu2k","url":"https://github.com/advisories/GHSA-f7r5-q7cx-h668","title":"TensorFlow vulnerable to segfault in `BlockLSTMGradV2`","description":"### Impact\nThe implementation of `BlockLSTMGradV2` does not fully validate its inputs.\n - `wci`, `wcf`, `wco`, `b` must be rank 1\n - `w`, cs_prev`, `h_prev` must be rank 2\n - `x` must be rank 3\nThis results in a a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nuse_peephole = False\nseq_len_max = tf.constant(1, shape=[], dtype=tf.int64)\nx = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\ncs_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nh_prev = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nw = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nwci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nwcf = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nwco = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nb = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\ni = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\ncs = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nf = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\no = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nci = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nco = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nh = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\ncs_grad = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\nh_grad = tf.constant(0.504355371, shape=[1,1,1], dtype=tf.float32)\ntf.raw_ops.BlockLSTMGradV2(seq_len_max=seq_len_max, x=x, cs_prev=cs_prev, h_prev=h_prev, w=w, wci=wci, wcf=wcf, wco=wco, b=b, i=i, cs=cs, f=f, o=o, ci=ci, co=co, h=h, cs_grad=cs_grad, h_grad=h_grad, use_peephole=use_peephole)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [2a458fc4866505be27c62f81474ecb2b870498fa](https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:14:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668","https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35964","https://github.com/advisories/GHSA-f7r5-q7cx-h668"],"source_kind":"github","identifiers":["GHSA-f7r5-q7cx-h668","CVE-2022-35964"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.086Z","updated_at":"2026-06-02T03:09:30.543Z","epss_percentage":0.00041,"epss_percentile":0.12537,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mN3I1LXE3Y3gtaDY2OM4AAu2k","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mN3I1LXE3Y3gtaDY2OM4AAu2k","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mN3I1LXE3Y3gtaDY2OM4AAu2k/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04NGptLTRjZjMtOWpmbc4AAu2j","url":"https://github.com/advisories/GHSA-84jm-4cf3-9jfm","title":"TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`","description":"### Impact\nThe implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a  `CHECK` failure which can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\noverlapping = True\norig_input_tensor_shape = tf.constant(-1879048192, shape=[4], dtype=tf.int64)\nout_backprop = tf.constant([], shape=[0,0,0,0], dtype=tf.float64)\nrow_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)\ncol_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)\ntf.raw_ops.FractionalAvgPoolGrad(orig_input_tensor_shape=orig_input_tensor_shape, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [03a659d7be9a1154fdf5eeac221e5950fec07dad](https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:13:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm","https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35963","https://github.com/advisories/GHSA-84jm-4cf3-9jfm"],"source_kind":"github","identifiers":["GHSA-84jm-4cf3-9jfm","CVE-2022-35963"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.094Z","updated_at":"2026-06-02T03:09:30.544Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NGptLTRjZjMtOWpmbc4AAu2j","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04NGptLTRjZjMtOWpmbc4AAu2j","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NGptLTRjZjMtOWpmbc4AAu2j/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oNXZxLWd3MmMtcHE0N84AAu2i","url":"https://github.com/advisories/GHSA-h5vq-gw2c-pq47","title":"TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`","description":"### Impact\nThe [`UnbatchGradOp`](https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891) function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program.\n```python\nimport numpy as np\nimport tensorflow as tf\n\n# `id` is not scalar\ntf.raw_ops.UnbatchGrad(original_input= tf.constant([1]),batch_index=tf.constant([[0,0,0 ], ], dtype=tf.int64),grad=tf.constant([1,]),id=tf.constant([1,1,], dtype=tf.int64))\n```\nIt also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program.\n```python\nimport numpy as np\nimport tensorflow as tf\n\n# batch_index's size is not 3\ntf.raw_ops.UnbatchGrad(original_input= tf.constant([1]),batch_index=tf.constant([[0,0], ], dtype=tf.int64),grad=tf.constant([1,]),id=tf.constant([1,], dtype=tf.int64))\n```\n\n### Patches\nWe have patched the issue in GitHub commit [5f945fc6409a3c1e90d6970c9292f805f6e6ddf2](https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin from Singapore Management University and 刘力源 from the Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:12:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47","https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2","https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35952","https://github.com/advisories/GHSA-h5vq-gw2c-pq47"],"source_kind":"github","identifiers":["GHSA-h5vq-gw2c-pq47","CVE-2022-35952"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.103Z","updated_at":"2026-06-02T03:09:30.545Z","epss_percentage":0.00219,"epss_percentile":0.44499,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNXZxLWd3MmMtcHE0N84AAu2i","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oNXZxLWd3MmMtcHE0N84AAu2i","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNXZxLWd3MmMtcHE0N84AAu2i/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14OTg5LXEycHEtNHE1eM4AAu2h","url":"https://github.com/advisories/GHSA-x989-q2pq-4q5x","title":"TensorFlow vulnerable to Int overflow in `RaggedRangeOp`","description":"### Impact\nThe [`RaggedRangOp`](https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88) function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program.\n```python\nimport tensorflow as tf\ntf.raw_ops.RaggedRange(starts=[1.1,0.1],limits=[10.0,1e20],deltas=[1,1])\n```\n\n### Patches\nWe have patched the issue in GitHub commit [37cefa91bee4eace55715eeef43720b958a01192](https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jingyi Shi.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:12:41.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x","https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192","https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35940","https://github.com/advisories/GHSA-x989-q2pq-4q5x"],"source_kind":"github","identifiers":["GHSA-x989-q2pq-4q5x","CVE-2022-35940"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.111Z","updated_at":"2026-06-02T03:09:30.546Z","epss_percentage":0.00191,"epss_percentile":0.40779,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OTg5LXEycHEtNHE1eM4AAu2h","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14OTg5LXEycHEtNHE1eM4AAu2h","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OTg5LXEycHEtNHE1eM4AAu2h/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1maGZjLTJxN3gtOTI5Zs4AAu2g","url":"https://github.com/advisories/GHSA-fhfc-2q7x-929f","title":"TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`","description":"### Impact\nWhen `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=1\narg_1=1\narg_2=1\narg_3=1\narg_4=(3, 3,3)\narg_5='auto'\narg_6=0\narg_7=''\ntf.raw_ops.CollectiveGather(input=arg_0, group_size=arg_1, group_key=arg_2,\n                            instance_key=arg_3, shape=arg_4,\n                            communication_hint=arg_5, timeout_seconds=arg_6, name=arg_7)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c1f491817dec39a26be3c574e86a88c30f3c4770](https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:11:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f","https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35994","https://github.com/advisories/GHSA-fhfc-2q7x-929f"],"source_kind":"github","identifiers":["GHSA-fhfc-2q7x-929f","CVE-2022-35994"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.122Z","updated_at":"2026-06-02T03:09:30.547Z","epss_percentage":0.00041,"epss_percentile":0.12537,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1maGZjLTJxN3gtOTI5Zs4AAu2g","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1maGZjLTJxN3gtOTI5Zs4AAu2g","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1maGZjLTJxN3gtOTI5Zs4AAu2g/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NXhnLTNxMmMtYzJyNM4AAu2f","url":"https://github.com/advisories/GHSA-v5xg-3q2c-c2r4","title":"TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation","description":"### Impact\nIn [`core/kernels/list_kernels.cc's TensorListReserve`](https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325), `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`.\n```python\nimport tensorflow as tf\n\ntf.raw_ops.TensorListReserve(element_shape=(1,1), num_elements=tf.constant([1,1], dtype=tf.int32), element_dtype=tf.int8)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [b5f6fbfba76576202b72119897561e3bd4f179c7](https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7).\n\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin from Singapore Management University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:11:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4","https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7","https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35960","https://github.com/advisories/GHSA-v5xg-3q2c-c2r4"],"source_kind":"github","identifiers":["GHSA-v5xg-3q2c-c2r4","CVE-2022-35960"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.132Z","updated_at":"2026-06-02T03:09:30.548Z","epss_percentage":0.00208,"epss_percentile":0.43022,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NXhnLTNxMmMtYzJyNM4AAu2f","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NXhnLTNxMmMtYzJyNM4AAu2f","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NXhnLTNxMmMtYzJyNM4AAu2f/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xNWp2LW02cXctNWczN84AAu2e","url":"https://github.com/advisories/GHSA-q5jv-m6qw-5g37","title":"TensorFlow vulnerable to floating point exception in `Conv2D`","description":"### Impact\nIf `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np\nwith tf.device(\"CPU\"): # also can be triggerred on GPU\n   input = np.ones([1, 0, 2, 1])\n   filter = np.ones([1, 1, 1, 1])\n   strides = ([1, 1, 1, 1])\n   padding = \"EXPLICIT\"\n   explicit_paddings = [0 , 0, 1, 1, 1, 1, 0, 0]\n   data_format = \"NHWC\"\n   res = tf.raw_ops.Conv2D(\n       input=input,\n       filter=filter,\n       strides=strides,\n       padding=padding,\n        explicit_paddings=explicit_paddings,\n       data_format=data_format,\n  )\n```\n\n### Patches\nWe have patched the issue in GitHub commit [611d80db29dd7b0cfb755772c69d60ae5bca05f9](https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jingyi Shi.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:11:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37","https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35996","https://github.com/advisories/GHSA-q5jv-m6qw-5g37"],"source_kind":"github","identifiers":["GHSA-q5jv-m6qw-5g37","CVE-2022-35996"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.143Z","updated_at":"2026-06-02T03:09:30.548Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNWp2LW02cXctNWczN84AAu2e","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xNWp2LW02cXctNWczN84AAu2e","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNWp2LW02cXctNWczN84AAu2e/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13eGpqLWNnY3gtcjN2cc4AAu2d","url":"https://github.com/advisories/GHSA-wxjj-cgcx-r3vq","title":"TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`","description":"### Impact\nThe implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a  `CHECK` failure which can be used to trigger a denial of service attack:\n```python\nimport tensorflow as tf\n\nksize = [1, 1, 1, 1, 1]\nstrides = [1, 1, 1, 1, 1]\npadding = \"SAME\"\ndata_format = \"NDHWC\"\norig_input_shape = tf.constant(1879048192, shape=[5], dtype=tf.int32)\ngrad = tf.constant(1, shape=[1,3,2,4,2], dtype=tf.float32)\ntf.raw_ops.AvgPool3DGrad(orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding, data_format=data_format)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [9178ac9d6389bdc54638ab913ea0e419234d14eb](https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:11:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq","https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35959","https://github.com/advisories/GHSA-wxjj-cgcx-r3vq"],"source_kind":"github","identifiers":["GHSA-wxjj-cgcx-r3vq","CVE-2022-35959"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.152Z","updated_at":"2026-06-02T03:09:30.549Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13eGpqLWNnY3gtcjN2cc4AAu2d","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13eGpqLWNnY3gtcjN2cc4AAu2d","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13eGpqLWNnY3gtcjN2cc4AAu2d/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mcXhjLXB2ZjgtMnc5ds4AAu2b","url":"https://github.com/advisories/GHSA-fqxc-pvf8-2w9v","title":"TensorFlow vulnerable to null dereference on MLIR on empty function attributes","description":"### Impact\n`Eig` can be fed an incorrect `Tout` input, resulting in a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np \narg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)\narg_1=tf.complex128\narg_2=True\narg_3=''\ntf.raw_ops.Eig(input=arg_0, Tout=arg_1, compute_v=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [aed36912609fc07229b4d0a7b44f3f48efc00fd0](https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:09:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v","https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36000","https://github.com/advisories/GHSA-fqxc-pvf8-2w9v"],"source_kind":"github","identifiers":["GHSA-fqxc-pvf8-2w9v","CVE-2022-36000"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.172Z","updated_at":"2026-06-02T03:09:30.550Z","epss_percentage":0.00075,"epss_percentile":0.22594,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcXhjLXB2ZjgtMnc5ds4AAu2b","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mcXhjLXB2ZjgtMnc5ds4AAu2b","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcXhjLXB2ZjgtMnc5ds4AAu2b/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qcW03LW01cTctM2htNc4AAu2a","url":"https://github.com/advisories/GHSA-jqm7-m5q7-3hm5","title":"TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`","description":"### Impact\nWhen `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np\narg_0=tf.constant(value=np.random.random(size=(1, 3, 2, 3)), shape=(1, 3, 2, 3), dtype=tf.half)\narg_1=tf.constant(value=np.random.random(size=(1, 2, 4)), shape=(1, 2, 4), dtype=tf.float32)\narg_2=''\ntf.raw_ops.DrawBoundingBoxes(images=arg_0, boxes=arg_1, name=arg_2)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [da0d65cdc1270038e72157ba35bf74b85d9bda11](https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5","https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36001","https://github.com/advisories/GHSA-jqm7-m5q7-3hm5"],"source_kind":"github","identifiers":["GHSA-jqm7-m5q7-3hm5","CVE-2022-36001"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.182Z","updated_at":"2026-06-02T03:09:30.551Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcW03LW01cTctM2htNc4AAu2a","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qcW03LW01cTctM2htNc4AAu2a","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcW03LW01cTctM2htNc4AAu2a/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1taDNtLTYydjctNjh4Z84AAu2Y","url":"https://github.com/advisories/GHSA-mh3m-62v7-68xg","title":"TensorFlow vulnerable to `CHECK` fail in `Unbatch`","description":"### Impact\nWhen `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np\narg_0=tf.constant(value=np.random.random(size=(3, 3, 1)), dtype=tf.float64)\narg_1=tf.constant(value=np.random.randint(0,100,size=(3, 3, 1)), dtype=tf.int64)\narg_2=tf.constant(value=np.random.randint(0,100,size=(3, 3,  1)), dtype=tf.int64)\narg_3=47\narg_4=''\narg_5=''\ntf.raw_ops.Unbatch(batched_tensor=arg_0, batch_index=arg_1, id=arg_2, \n                   timeout_micros=arg_3, container=arg_4, shared_name=arg_5)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [4419d10d576adefa36b0e0a9425d2569f7c0189f](https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:06:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg","https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36002","https://github.com/advisories/GHSA-mh3m-62v7-68xg"],"source_kind":"github","identifiers":["GHSA-mh3m-62v7-68xg","CVE-2022-36002"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.190Z","updated_at":"2026-06-02T03:09:31.230Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1taDNtLTYydjctNjh4Z84AAu2Y","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1taDNtLTYydjctNjh4Z84AAu2Y","packages":[{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1taDNtLTYydjctNjh4Z84AAu2Y/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X","url":"https://github.com/advisories/GHSA-828c-5j5q-vrjq","title":"TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`","description":"### Impact\nWhen [`mlir::tfg::GraphDefImporter::ConvertNodeDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) tries to convert NodeDefs without an op name, it crashes.\n```cpp\nStatus GraphDefImporter::ConvertNodeDef(OpBuilder \u0026builder, ConversionState \u0026s,\n                                        const NodeDef \u0026node) {\n  VLOG(4) \u003c\u003c \"Importing: \" \u003c\u003c node.name();\n  OperationState state(ConvertLocation(node), absl::StrCat(\"tfg.\", node.op()));\n\n  // The GraphImporter does light shape inference, but here we will defer all of\n  // that to the shape inference pass.\n  const OpDef *op_def;\n  const OpRegistrationData *op_reg_data = nullptr;\n  if ((op_reg_data = registry_.LookUp(node.op()))) {\n    op_def = \u0026op_reg_data-\u003eop_def;\n  } else {\n    auto it = function_op_defs_.find(node.op());\n    if (it == function_op_defs_.end())\n      return InvalidArgument(\"Unable to find OpDef for \", node.op());\n    op_def = it-\u003esecond;\n  }\n```\n`node.op().empty()` cannot be empty.\n\n\n### Patches\nWe have patched the issue in GitHub commit [a0f0b9a21c9270930457095092f558fbad4c03e5](https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T22:01:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq","https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36013","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc","https://github.com/advisories/GHSA-828c-5j5q-vrjq"],"source_kind":"github","identifiers":["GHSA-828c-5j5q-vrjq","CVE-2022-36013"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.207Z","updated_at":"2026-06-02T03:09:31.231Z","epss_percentage":0.00222,"epss_percentile":0.44571,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mdjQzLTkzZ3Ytdm04Zs4AAu2W","url":"https://github.com/advisories/GHSA-fv43-93gv-vm8f","title":"TensorFlow vulnerable to null dereference on MLIR on empty function attributes","description":"### Impact\nWhen [`mlir::tfg::ConvertGenericFunctionToFunctionDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc) is given empty function attributes, it gives a null dereference.\n```cpp\n// Import the function attributes with a `tf.` prefix to match the current\n// infrastructure expectations.\nfor (const auto\u0026 namedAttr : func.attr()) {\n  const std::string\u0026 name = \"tf.\" + namedAttr.first;\n  const AttrValue\u0026 tf_attr = namedAttr.second;\n  TF_ASSIGN_OR_RETURN(Attribute attr,\n                      ConvertAttributeValue(tf_attr, builder, tfgDialect));\n  attrs.append(name, attr);\n}\n```\nIf `namedAttr.first` is empty, it will crash.\n\n### Patches\nWe have patched the issue in GitHub commit [1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b](https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:59:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f","https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36011","https://github.com/advisories/GHSA-fv43-93gv-vm8f"],"source_kind":"github","identifiers":["GHSA-fv43-93gv-vm8f","CVE-2022-36011"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.224Z","updated_at":"2026-06-02T03:09:31.232Z","epss_percentage":0.00075,"epss_percentile":0.22594,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mdjQzLTkzZ3Ytdm04Zs4AAu2W","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mdjQzLTkzZ3Ytdm04Zs4AAu2W","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mdjQzLTkzZ3Ytdm04Zs4AAu2W/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13cW1jLXBtOGMtMmpoY84AAu2V","url":"https://github.com/advisories/GHSA-wqmc-pm8c-2jhc","title":"TensorFlow vulnerable to segfault in `Requantize`","description":"### Impact\nIf `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nout_type = tf.quint8\ninput = tf.constant([1], shape=[3], dtype=tf.qint32)\ninput_min = tf.constant([], shape=[0], dtype=tf.float32)\ninput_max = tf.constant(-256, shape=[1], dtype=tf.float32)\nrequested_output_min = tf.constant(-256, shape=[1], dtype=tf.float32)\nrequested_output_max = tf.constant(-256, shape=[1], dtype=tf.float32)\ntf.raw_ops.Requantize(input=input, input_min=input_min, input_max=input_max, requested_output_min=requested_output_min, requested_output_max=requested_output_max, out_type=out_type)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:57:05.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc","https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36017","https://github.com/advisories/GHSA-wqmc-pm8c-2jhc"],"source_kind":"github","identifiers":["GHSA-wqmc-pm8c-2jhc","CVE-2022-36017"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.232Z","updated_at":"2026-06-02T03:09:31.233Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cW1jLXBtOGMtMmpoY84AAu2V","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13cW1jLXBtOGMtMmpoY84AAu2V","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cW1jLXBtOGMtMmpoY84AAu2V/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jdjJwLTMydjMtdmh3cc4AAu2U","url":"https://github.com/advisories/GHSA-cv2p-32v3-vhwq","title":"TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`","description":"### Impact\nWhen `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536)\narg_1=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float32, maxval=None)\narg_2=0\narg_3=0\narg_4=tf.int32\narg_5=None\ntf.raw_ops.RandomPoissonV2(shape=arg_0, rate=arg_1, seed=arg_2,\n                           seed2=arg_3, dtype=arg_4, name=arg_5)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [552bfced6ce4809db5f3ca305f60ff80dd40c5a3](https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:39:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq","https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36003","https://github.com/advisories/GHSA-cv2p-32v3-vhwq"],"source_kind":"github","identifiers":["GHSA-cv2p-32v3-vhwq","CVE-2022-36003"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.242Z","updated_at":"2026-06-02T03:09:31.234Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jdjJwLTMydjMtdmh3cc4AAu2U","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jdjJwLTMydjMtdmh3cc4AAu2U","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jdjJwLTMydjMtdmh3cc4AAu2U/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yMjZjLTY3OXctbXJqbc4AAu2T","url":"https://github.com/advisories/GHSA-r26c-679w-mrjm","title":"TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`","description":"### Impact\nWhen `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np \narg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)\narg_1=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)\narg_2=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)\narg_3=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2), dtype=tf.float32)\narg_4=8\narg_5=False\narg_6=''\ntf.quantization.fake_quant_with_min_max_vars_gradient(gradients=arg_0, inputs=arg_1,\nmin=arg_2, max=arg_3, num_bits=arg_4, narrow_range=arg_5, name=arg_6)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by\n - 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n - Neophytos Christou, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:28:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm","https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36005","https://github.com/advisories/GHSA-r26c-679w-mrjm"],"source_kind":"github","identifiers":["GHSA-r26c-679w-mrjm","CVE-2022-36005"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.267Z","updated_at":"2026-06-02T03:09:31.235Z","epss_percentage":0.00147,"epss_percentile":0.34842,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMjZjLTY3OXctbXJqbc4AAu2T","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yMjZjLTY3OXctbXJqbc4AAu2T","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMjZjLTY3OXctbXJqbc4AAu2T/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nOWg1LXZyOG0teDJoNM4AAu2S","url":"https://github.com/advisories/GHSA-g9h5-vr8m-x2h4","title":"TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`","description":"### Impact\nWhen `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=''\narg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_2=tf.random.uniform(shape=(2,1), dtype=tf.float32, maxval=None)\narg_3=3\narg_4=''\ntf.raw_ops.AudioSummaryV2(tag=arg_0, tensor=arg_1, sample_rate=arg_2,\n                          max_outputs=arg_3, name=arg_4)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf6b45244992e2ee543c258e519489659c99fb7f](https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:25:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4","https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35995","https://github.com/advisories/GHSA-g9h5-vr8m-x2h4"],"source_kind":"github","identifiers":["GHSA-g9h5-vr8m-x2h4","CVE-2022-35995"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.276Z","updated_at":"2026-05-22T03:11:44.658Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nOWg1LXZyOG0teDJoNM4AAu2S","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nOWg1LXZyOG0teDJoNM4AAu2S","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nOWg1LXZyOG0teDJoNM4AAu2S/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tdjhtLTh4OTctOTM3cc4AAu2Q","url":"https://github.com/advisories/GHSA-mv8m-8x97-937q","title":"TensorFlow vulnerable to `CHECK` fail in `tf.random.gamma`","description":"### Impact\nWhen `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(4,), dtype=tf.int32, maxval=65536)\narg_1=tf.random.uniform(shape=(4, 4), dtype=tf.float64, maxval=None)\narg_2=tf.random.uniform(shape=(4, 4, 4, 4, 4), dtype=tf.float64, maxval=None)\narg_3=tf.float64\narg_4=48\narg_5='None'\ntf.random.gamma(shape=arg_0, alpha=arg_1, beta=arg_2, dtype=arg_3, seed=arg_4, name=arg_5)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [552bfced6ce4809db5f3ca305f60ff80dd40c5a3](https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:23:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q","https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36004","https://github.com/advisories/GHSA-mv8m-8x97-937q"],"source_kind":"github","identifiers":["GHSA-mv8m-8x97-937q","CVE-2022-36004"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.294Z","updated_at":"2026-06-02T03:09:31.237Z","epss_percentage":0.00135,"epss_percentile":0.32986,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdjhtLTh4OTctOTM3cc4AAu2Q","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tdjhtLTh4OTctOTM3cc4AAu2Q","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdjhtLTh4OTctOTM3cc4AAu2Q/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P","url":"https://github.com/advisories/GHSA-g468-qj8g-vcjc","title":"TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`","description":"### Impact\nWhen [`tensorflow::full_type::SubstituteFromAttrs`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc) receives a `FullTypeDef\u0026 t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status.\n```cpp\nStatus SubstituteForEach(AttrMap\u0026 attrs, FullTypeDef\u0026 t) {\n  DCHECK_EQ(t.args_size(), 3);\n\n  const auto\u0026 cont = t.args(0);\n  const auto\u0026 tmpl = t.args(1);\n  const auto\u0026 t_var = t.args(2);\n```\n\n### Patches\nWe have patched the issue in GitHub commit [6104f0d4091c260ce9352f9155f7e9b725eab012](https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012).\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-09-16T21:22:51.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc","https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36016","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc","https://github.com/advisories/GHSA-g468-qj8g-vcjc"],"source_kind":"github","identifiers":["GHSA-g468-qj8g-vcjc","CVE-2022-36016"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.303Z","updated_at":"2026-06-02T03:09:31.238Z","epss_percentage":0.004,"epss_percentile":0.60946,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03ajNtLThnM2MtOXFxcc4AAu2N","url":"https://github.com/advisories/GHSA-7j3m-8g3c-9qqq","title":"TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`","description":"### Impact\nWhen [`mlir::tfg::TFOp::nameAttr`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc) receives null type list attributes, it crashes.\n```cpp\n\nStatusOr\u003cunsigned\u003e GraphDefImporter::ArgNumType(const NamedAttrList \u0026attrs,\n                                                const OpDef::ArgDef \u0026arg_def,\n                                                SmallVectorImpl\u003cType\u003e \u0026types) {\n  // Check whether a type list attribute is specified.\n  if (!arg_def.type_list_attr().empty()) {\n    if (auto v = attrs.get(arg_def.type_list_attr()).dyn_cast\u003cArrayAttr\u003e()) {\n      for (Attribute attr : v) {\n        if (auto dtype = attr.dyn_cast\u003cTypeAttr\u003e()) {\n          types.push_back(UnrankedTensorType::get(dtype.getValue()));\n        } else {\n          return InvalidArgument(\"Expected '\", arg_def.type_list_attr(),\n                                 \"' to be a list of types\");\n        }\n      }\n      return v.size();\n    }\n    return NotFound(\"Type attr not found: \", arg_def.type_list_attr());\n  }\n\n  unsigned num = 1;\n  // Check whether a number attribute is specified.\n  if (!arg_def.number_attr().empty()) {\n    if (auto v = attrs.get(arg_def.number_attr()).dyn_cast\u003cIntegerAttr\u003e()) {\n      num = v.getValue().getZExtValue();\n    } else {\n      return NotFound(\"Type attr not found: \", arg_def.number_attr());\n    }\n  }\n\n  // Check for a type or type attribute.\n  Type dtype;\n  if (arg_def.type() != DataType::DT_INVALID) {\n    TF_RETURN_IF_ERROR(ConvertDataType(arg_def.type(), b_, \u0026dtype));\n  } else if (arg_def.type_attr().empty()) {\n    return InvalidArgument(\"Arg '\", arg_def.name(),\n                           \"' has invalid type and no type attribute\");\n  } else {\n    if (auto v = attrs.get(arg_def.type_attr()).dyn_cast\u003cTypeAttr\u003e()) {\n      dtype = v.getValue();\n    } else {\n      return NotFound(\"Type attr not found: \", arg_def.type_attr());\n    }\n  }\n  types.append(num, UnrankedTensorType::get(dtype));\n  return num;\n}\n```\n\n\n### Patches\nWe have patched the issue in GitHub commits [3a754740d5414e362512ee981eefba41561a63a6](https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6) and [a0f0b9a21c9270930457095092f558fbad4c03e5](https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:20:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq","https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6","https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36014","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc","https://github.com/advisories/GHSA-7j3m-8g3c-9qqq"],"source_kind":"github","identifiers":["GHSA-7j3m-8g3c-9qqq","CVE-2022-36014"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.329Z","updated_at":"2026-06-02T03:09:31.239Z","epss_percentage":0.00333,"epss_percentile":0.55786,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ajNtLThnM2MtOXFxcc4AAu2N","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03ajNtLThnM2MtOXFxcc4AAu2N","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ajNtLThnM2MtOXFxcc4AAu2N/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qdmhjLTVoaHItdzN2Nc4AAu2L","url":"https://github.com/advisories/GHSA-jvhc-5hhr-w3v5","title":"TensorFlow vulnerable to assertion fail on MLIR empty edge names","description":"### Impact\nWhen [`mlir::tfg::ConvertGenericFunctionToFunctionDef`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc) is given empty function attributes, it crashes.\n```cpp\n// We pre-allocate the array of operands and populate it using the\n// `output_name_to_position` and `control_output_to_position` populated\n// previously.\nSmallVector\u003cValue\u003e ret_vals(func.ret_size() + func.control_ret_size(),\n                            Value());\nfor (const auto\u0026 ret_val : func.ret()) {\n  auto position = output_name_to_position.find(ret_val.first);\n  if (position == output_name_to_position.end())\n    return InvalidArgument(\n        \"Can't import function, returned value references unknown output \"\n        \"argument \",\n        ret_val.first);\n  ret_vals[position-\u003esecond] =\n      value_manager.GetValueOrCreatePlaceholder(ret_val.second);\n}\nfor (const auto\u0026 ret_val : func.control_ret()) {\n  auto position = control_output_to_position.find(ret_val.first);\n  if (position == control_output_to_position.end())\n    return InvalidArgument(\n        \"Can't import function, returned value references unknown output \"\n        \"argument \",\n        ret_val.first);\n  Value result = value_manager.GetValueOrCreatePlaceholder(\n      (Twine(\"^\") + ret_val.second).str());\n```\n`ret_val.second` cannot be empty. Neither can `input`.\n```cpp\n// Process every node and create a matching MLIR operation\nfor (const NodeDef\u0026 node : nodes) {\n  if (node.op().empty()) return InvalidArgument(\"empty op type\");\n  OperationState state(unknown_loc, absl::StrCat(\"tfg.\", node.op()));\n  // Fetch the inputs, creating placeholder if an input hasn't been visited.\n  for (const std::string\u0026 input : node.input())\n    state.operands.push_back(\n        value_manager.GetValueOrCreatePlaceholder(input));\n```\n\n\n### Patches\nWe have patched the issue in GitHub commit [ad069af92392efee1418c48ff561fd3070a03d7b](https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:19:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5","https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36012","https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc","https://github.com/advisories/GHSA-jvhc-5hhr-w3v5"],"source_kind":"github","identifiers":["GHSA-jvhc-5hhr-w3v5","CVE-2022-36012"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.351Z","updated_at":"2026-06-02T03:09:32.069Z","epss_percentage":0.00191,"epss_percentile":0.40779,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdmhjLTVoaHItdzN2Nc4AAu2L","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qdmhjLTVoaHItdzN2Nc4AAu2L","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdmhjLTVoaHItdzN2Nc4AAu2L/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13NjJoLTh4am0tZnY0Oc4AAu2K","url":"https://github.com/advisories/GHSA-w62h-8xjm-fv49","title":"TensorFlow vulnerable to `CHECK` fail in `DenseBincount`","description":"### Impact\n`DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nbinary_output = True\ninput = tf.random.uniform(shape=[0, 0], minval=-10000, maxval=10000, dtype=tf.int32, seed=-2460)\nsize = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)\nweights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)\ntf.raw_ops.DenseBincount(input=input, size=size, weights=weights, binary_output=binary_output)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf4c14353c2328636a18bfad1e151052c81d5f43](https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:19:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49","https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35987","https://github.com/advisories/GHSA-w62h-8xjm-fv49"],"source_kind":"github","identifiers":["GHSA-w62h-8xjm-fv49","CVE-2022-35987"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.360Z","updated_at":"2026-06-02T03:09:32.069Z","epss_percentage":0.00064,"epss_percentile":0.19797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NjJoLTh4am0tZnY0Oc4AAu2K","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13NjJoLTh4am0tZnY0Oc4AAu2K","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NjJoLTh4am0tZnY0Oc4AAu2K/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tZ21oLWcydjYtbXF3Nc4AAu2J","url":"https://github.com/advisories/GHSA-mgmh-g2v6-mqw5","title":"TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`","description":"### Impact\nThe [`AvgPoolOp`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98) function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program.\n```python\nimport tensorflow as tf\nimport numpy as np\n\nvalue = np.ones([1, 1, 1, 1])\nksize = [1, 1e20, 1, 1]\nstrides = [1, 1, 1, 1]\npadding = 'SAME'\ndata_format = 'NHWC'\n\ntf.raw_ops.AvgPool(value=value, ksize=ksize, strides=strides, padding=padding, data_format=data_format)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [3a6ac52664c6c095aa2b114e742b0aa17fdce78f](https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jingyi Shi.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:18:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5","https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f","https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35941","https://github.com/advisories/GHSA-mgmh-g2v6-mqw5"],"source_kind":"github","identifiers":["GHSA-mgmh-g2v6-mqw5","CVE-2022-35941"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.369Z","updated_at":"2026-06-02T03:09:32.070Z","epss_percentage":0.00191,"epss_percentile":0.41013,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZ21oLWcydjYtbXF3Nc4AAu2J","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tZ21oLWcydjYtbXF3Nc4AAu2J","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.2","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.2","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.2","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZ21oLWcydjYtbXF3Nc4AAu2J/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05Y3IyLThwd3ItZmhmcc4AAu2H","url":"https://github.com/advisories/GHSA-9cr2-8pwr-fhfq","title":"TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`","description":"### Impact\nIf `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nsigned_input = True\nrange_given = False\nnarrow_range = False\naxis = -1\ninput = tf.constant(-3.5, shape=[1], dtype=tf.float32)\ninput_min = tf.constant(-3.5, shape=[1], dtype=tf.float32)\ninput_max = tf.constant(-3.5, shape=[1], dtype=tf.float32)\nnum_bits = tf.constant([], shape=[0], dtype=tf.int32)\ntf.raw_ops.QuantizeAndDequantizeV3(input=input, input_min=input_min, input_max=input_max, num_bits=num_bits, signed_input=signed_input, range_given=range_given, narrow_range=narrow_range, axis=axis)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f3f9cb38ecfe5a8a703f2c4a8fead434ef291713](https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:15:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq","https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36026","https://github.com/advisories/GHSA-9cr2-8pwr-fhfq"],"source_kind":"github","identifiers":["GHSA-9cr2-8pwr-fhfq","CVE-2022-36026"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.395Z","updated_at":"2026-06-02T03:09:32.071Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Y3IyLThwd3ItZmhmcc4AAu2H","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05Y3IyLThwd3ItZmhmcc4AAu2H","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Y3IyLThwd3ItZmhmcc4AAu2H/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tNmN2LTRmbWYtNjZ4Zs4AAu2G","url":"https://github.com/advisories/GHSA-m6cv-4fmf-66xf","title":"TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`","description":"### Impact\nIf `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nbatched_input = True\nrt_nested_splits = tf.constant([0,32,64], shape=[3], dtype=tf.int64)\nrt_dense_values = tf.constant([0,32,64], shape=[3], dtype=tf.int64)\ntf.raw_ops.RaggedTensorToVariant(rt_nested_splits=rt_nested_splits, rt_dense_values=rt_dense_values, batched_input=batched_input)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [88f93dfe691563baa4ae1e80ccde2d5c7a143821](https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:14:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf","https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36018","https://github.com/advisories/GHSA-m6cv-4fmf-66xf"],"source_kind":"github","identifiers":["GHSA-m6cv-4fmf-66xf","CVE-2022-36018"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.412Z","updated_at":"2026-06-02T03:09:32.072Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNmN2LTRmbWYtNjZ4Zs4AAu2G","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tNmN2LTRmbWYtNjZ4Zs4AAu2G","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNmN2LTRmbWYtNjZ4Zs4AAu2G/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05ajR2LXBwMjgtbXh2N84AAu2F","url":"https://github.com/advisories/GHSA-9j4v-pp28-mxv7","title":"TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`","description":"### Impact\nIf `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\nnum_bits = 8\nnarrow_range = False\ninputs = tf.constant(0, shape=[4], dtype=tf.float32)\nmin = tf.constant([], shape=[4,0,0], dtype=tf.float32)\nmax = tf.constant(0, shape=[4], dtype=tf.float32)\ntf.raw_ops.FakeQuantWithMinMaxVarsPerChannel(inputs=inputs, min=min, max=max, num_bits=num_bits, narrow_range=narrow_range)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [785d67a78a1d533759fcd2f5e8d6ef778de849e0](https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:13:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7","https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36019","https://github.com/advisories/GHSA-9j4v-pp28-mxv7"],"source_kind":"github","identifiers":["GHSA-9j4v-pp28-mxv7","CVE-2022-36019"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.422Z","updated_at":"2026-06-02T03:09:32.072Z","epss_percentage":0.00135,"epss_percentile":0.3301,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ajR2LXBwMjgtbXh2N84AAu2F","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05ajR2LXBwMjgtbXh2N84AAu2F","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ajR2LXBwMjgtbXh2N84AAu2F/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D","url":"https://github.com/advisories/GHSA-79h2-q768-fpxr","title":" TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions","description":"### Impact\nWhen converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.\n```python\nimport tensorflow as tf\n\nclass QuantConv2DTransposed(tf.keras.layers.Layer):\n    def build(self, input_shape):\n        self.kernel = self.add_weight(\"kernel\", [3, 3, input_shape[-1], 24])\n\n    def call(self, inputs):\n        filters = tf.quantization.fake_quant_with_min_max_vars_per_channel(\n            self.kernel, -3.0 * tf.ones([24]), 3.0 * tf.ones([24]), narrow_range=True\n        )\n        filters = tf.transpose(filters, (0, 1, 3, 2))\n        return tf.nn.conv2d_transpose(inputs, filters, [*inputs.shape[:-1], 24], 1)\n\ninp = tf.keras.Input(shape=(6, 8, 48), batch_size=1)\nx = tf.quantization.fake_quant_with_min_max_vars(inp, -3.0, 3.0, narrow_range=True)\nx = QuantConv2DTransposed()(x)\nx = tf.quantization.fake_quant_with_min_max_vars(x, -3.0, 3.0, narrow_range=True)\n\nmodel = tf.keras.Model(inp, x)\n\nmodel.save(\"/tmp/testing\")\nconverter = tf.lite.TFLiteConverter.from_saved_model(\"/tmp/testing\")\nconverter.optimizations = [tf.lite.Optimize.DEFAULT]\n\n# terminated by signal SIGSEGV (Address boundary error)\ntflite_model = converter.convert()\n```\n\n### Patches\nWe have patched the issue in GitHub commit [aa0b852a4588cea4d36b74feb05d93055540b450](https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Lukas Geiger via [Github issue](https://github.com/tensorflow/tensorflow/issues/53767).\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T21:06:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr","https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-36027","https://github.com/tensorflow/tensorflow/issues/53767","https://github.com/advisories/GHSA-79h2-q768-fpxr"],"source_kind":"github","identifiers":["GHSA-79h2-q768-fpxr","CVE-2022-36027"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.455Z","updated_at":"2026-06-02T03:09:32.073Z","epss_percentage":0.00267,"epss_percentile":0.49883,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mZmptLTRxd2MtN2NtZs4AAu2A","url":"https://github.com/advisories/GHSA-ffjm-4qwc-7cmf","title":"TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite","description":"### Impact\nThe [`ScatterNd`](https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698) function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash.\n\n### Patches\nWe have patched the issue in GitHub commit [b4d4b4cb019bd7240a52daa4ba61e3cc814f0384](https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Hui Peng from Baidu Security.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-09-16T21:04:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.0,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf","https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384","https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35939","https://github.com/advisories/GHSA-ffjm-4qwc-7cmf"],"source_kind":"github","identifiers":["GHSA-ffjm-4qwc-7cmf","CVE-2022-35939"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.489Z","updated_at":"2026-06-02T03:09:32.075Z","epss_percentage":0.00231,"epss_percentile":0.45631,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZmptLTRxd2MtN2NtZs4AAu2A","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mZmptLTRxd2MtN2NtZs4AAu2A","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZmptLTRxd2MtN2NtZs4AAu2A/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1weHJ3LWoyZnYtaHgzaM4AAu1_","url":"https://github.com/advisories/GHSA-pxrw-j2fv-hx3h","title":"TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite","description":"### Impact\nThe [`GatherNd`](https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111) function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered.\n\n### Patches\nWe have patched the issue in GitHub commit [595a65a3e224a0362d7e68c2213acfc2b499a196](https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196).\n\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Hui Peng from Baidu Security.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-09-16T21:04:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.0,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h","https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35937","https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111","https://github.com/advisories/GHSA-pxrw-j2fv-hx3h"],"source_kind":"github","identifiers":["GHSA-pxrw-j2fv-hx3h","CVE-2022-35937"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.498Z","updated_at":"2026-06-02T03:09:32.076Z","epss_percentage":0.00126,"epss_percentile":0.31493,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1weHJ3LWoyZnYtaHgzaM4AAu1_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1weHJ3LWoyZnYtaHgzaM4AAu1_","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1weHJ3LWoyZnYtaHgzaM4AAu1_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mNHc2LWg0ZjUtd3g0Nc4AAu13","url":"https://github.com/advisories/GHSA-f4w6-h4f5-wx45","title":"TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows","description":"### Impact\nThe implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:\n```python\nimport tensorflow as tf\n\ntf.reshape(tensor=[[1]],shape=tf.constant([0 for i in range(255)], dtype=tf.int64))\n```\nThis is another instance of [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (https://github.com/advisories/GHSA-prcg-wp5q-rv7p).\n\n### Patches\nWe have patched the issue in GitHub commit [61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555](https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin from Singapore Management University.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T20:56:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45","https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35934","https://github.com/advisories/GHSA-f4w6-h4f5-wx45"],"source_kind":"github","identifiers":["GHSA-f4w6-h4f5-wx45","CVE-2022-35934"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.588Z","updated_at":"2026-06-02T03:09:33.264Z","epss_percentage":0.00041,"epss_percentile":0.12537,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNHc2LWg0ZjUtd3g0Nc4AAu13","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mNHc2LWg0ZjUtd3g0Nc4AAu13","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNHc2LWg0ZjUtd3g0Nc4AAu13/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05N3A3LXc4NmgtdmNmOc4AAu12","url":"https://github.com/advisories/GHSA-97p7-w86h-vcf9","title":"TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation","description":"### Impact\nThe implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar.\n```python\nimport tensorflow as tf\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1]))\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c65c67f88ad770662e8f191269a907bf2b94b1bf](https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf).\n\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by:\n- Kang Hong Jin from Singapore Management University\n- Neophytos Christou, Secure Systems Labs, Brown University\n- 刘力源, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T20:51:55.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9","https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35935","https://github.com/advisories/GHSA-97p7-w86h-vcf9"],"source_kind":"github","identifiers":["GHSA-97p7-w86h-vcf9","CVE-2022-35935"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.596Z","updated_at":"2026-06-02T03:09:33.265Z","epss_percentage":0.00093,"epss_percentile":0.26062,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05N3A3LXc4NmgtdmNmOc4AAu12","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05N3A3LXc4NmgtdmNmOc4AAu12","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05N3A3LXc4NmgtdmNmOc4AAu12/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wN2hyLWY0NDYteDZxZs4AAu1u","url":"https://github.com/advisories/GHSA-p7hr-f446-x6qf","title":"TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`","description":"### Impact\nIf `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\ntf.sparse.cross(inputs=[],name='a',separator=tf.constant(['a', 'b'],dtype=tf.string))\n```\n\n### Patches\nWe have patched the issue in GitHub commit [83dcb4dbfa094e33db084e97c4d0531a559e0ebf](https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-09-16T19:25:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf","https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf","https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0","https://nvd.nist.gov/vuln/detail/CVE-2022-35997","https://github.com/advisories/GHSA-p7hr-f446-x6qf"],"source_kind":"github","identifiers":["GHSA-p7hr-f446-x6qf","CVE-2022-35997"],"repository_url":"https://github.com/tensorflow/tensorflow","blast_radius":0.0,"created_at":"2022-12-21T16:11:58.713Z","updated_at":"2026-06-02T03:09:33.268Z","epss_percentage":0.00047,"epss_percentile":0.14592,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wN2hyLWY0NDYteDZxZs4AAu1u","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wN2hyLWY0NDYteDZxZs4AAu1u","packages":[{"ecosystem":"pypi","package_name":"tensorflow-gpu","versions":[{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"},{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"}],"purl":"pkg:pypi/tensorflow-gpu"},{"ecosystem":"pypi","package_name":"tensorflow-cpu","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow-cpu"},{"ecosystem":"pypi","package_name":"tensorflow","versions":[{"first_patched_version":"2.9.1","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.1"},{"first_patched_version":"2.8.1","vulnerable_version_range":"\u003e= 2.8.0, \u003c 2.8.1"},{"first_patched_version":"2.7.2","vulnerable_version_range":"\u003c 2.7.2"}],"purl":"pkg:pypi/tensorflow"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wN2hyLWY0NDYteDZxZs4AAu1u/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/tensorflow-cpu","docker_dependents_count":134,"docker_downloads_count":75680027,"usage_url":"https://repos.ecosyste.ms/usage/pypi/tensorflow-cpu","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/tensorflow-cpu/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2024-09-07T13:39:12.266Z","issues_count":2753,"pull_requests_count":9129,"avg_time_to_close_issue":31768490.326941516,"avg_time_to_close_pull_request":668841.7849334601,"issues_closed_count":1036,"pull_requests_closed_count":4207,"pull_request_authors_count":266,"issue_authors_count":1552,"avg_comments_per_issue":6.591354885579368,"avg_comments_per_pull_request":0.37879285792529305,"merged_pull_requests_count":3133,"bot_issues_count":6,"bot_pull_requests_count":8359,"past_year_issues_count":1745,"past_year_pull_requests_count":8905,"past_year_avg_time_to_close_issue":2809901.1270125224,"past_year_avg_time_to_close_pull_request":307536.58474987856,"past_year_issues_closed_count":555,"past_year_pull_requests_closed_count":4117,"past_year_pull_request_authors_count":181,"past_year_issue_authors_count":854,"past_year_avg_comments_per_issue":4.274498567335244,"past_year_avg_comments_per_pull_request":0.1639528354856822,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":8359,"past_year_merged_pull_requests_count":3089,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorflow%2Ftensorflow/issues","maintainers":[{"login":"SuryanarayanaY","count":48,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/SuryanarayanaY"},{"login":"tensorflow-jenkins","count":37,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tensorflow-jenkins"},{"login":"nitins17","count":18,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nitins17"},{"login":"kanglant","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kanglant"},{"login":"rmlarsen","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/rmlarsen"},{"login":"Lifann","count":7,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Lifann"},{"login":"angerson","count":6,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/angerson"},{"login":"vam-google","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/vam-google"},{"login":"perfinion","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/perfinion"},{"login":"fsx950223","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/fsx950223"},{"login":"MarkDaoust","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/MarkDaoust"},{"login":"quoctruong","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/quoctruong"},{"login":"mihaimaruseac","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mihaimaruseac"},{"login":"seanpmorgan","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/seanpmorgan"},{"login":"nyadla-sys","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nyadla-sys"},{"login":"MichaelHudgins","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/MichaelHudgins"},{"login":"meteorcloudy","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/meteorcloudy"},{"login":"mattdangerw","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mattdangerw"},{"login":"learning-to-play","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/learning-to-play"},{"login":"chihuahua","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/chihuahua"},{"login":"AakashKumarNain","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/AakashKumarNain"}],"active_maintainers":[{"login":"SuryanarayanaY","count":42,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/SuryanarayanaY"},{"login":"tensorflow-jenkins","count":33,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tensorflow-jenkins"},{"login":"nitins17","count":17,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nitins17"},{"login":"kanglant","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kanglant"},{"login":"Lifann","count":7,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Lifann"},{"login":"vam-google","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/vam-google"},{"login":"angerson","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/angerson"},{"login":"quoctruong","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/quoctruong"},{"login":"chihuahua","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/chihuahua"},{"login":"learning-to-play","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/learning-to-play"},{"login":"MarkDaoust","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/MarkDaoust"},{"login":"mattdangerw","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mattdangerw"},{"login":"MichaelHudgins","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/MichaelHudgins"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/tensorflow-cpu/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/tensorflow-cpu/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/tensorflow-cpu/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/tensorflow-cpu/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/tensorflow-cpu/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/tensorflow-cpu/codemeta","maintainers":[{"uuid":"tf-nightly","login":"tf-nightly","name":null,"email":null,"url":null,"packages_count":25,"html_url":"https://pypi.org/user/tf-nightly/","role":null,"created_at":"2023-02-25T14:59:10.338Z","updated_at":"2023-02-25T14:59:10.338Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/tf-nightly/packages"},{"uuid":"mihaimaruseac","login":"mihaimaruseac","name":null,"email":null,"url":null,"packages_count":12,"html_url":"https://pypi.org/user/mihaimaruseac/","role":null,"created_at":"2023-02-25T14:59:10.318Z","updated_at":"2023-02-25T14:59:10.318Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/mihaimaruseac/packages"},{"uuid":"rostam","login":"rostam","name":null,"email":null,"url":null,"packages_count":6,"html_url":"https://pypi.org/user/rostam/","role":null,"created_at":"2023-02-25T14:59:10.332Z","updated_at":"2023-02-25T14:59:10.332Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/rostam/packages"}]}