Known Vulnerabilities for products from TensorFlow
Listed below are 20 of the newest known vulnerabilities associated with the vendor "TensorFlow".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-2492 json | Not Provided | 2026-02-20 | 2026-06-30 | |
| CVE-2026-1462 json | Not Provided | 2026-04-13 | 2026-07-10 | |
| CVE-2021-35958 json | ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.uti... | 9.1 - CRITICAL | 2021-06-30 | 2023-11-07 |
| CVE-2020-26269 json | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing patte... | 7.5 - HIGH | 2020-12-10 | 2021-08-17 |
| CVE-2020-26267 json | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format at... | 7.8 - HIGH | 2020-12-10 | 2021-08-17 |
| CVE-2020-15266 json | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU k... | 7.5 - HIGH | 2020-10-21 | 2021-11-18 |
| CVE-2020-15265 json | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`... | 7.5 - HIGH | 2020-10-21 | 2021-08-17 |
| CVE-2020-15214 json | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fa... | 8.1 - HIGH | 2020-09-25 | 2021-08-17 |
| CVE-2020-15213 json | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an ou... | 4 - MEDIUM | 2020-09-25 | 2021-11-18 |
| CVE-2020-15212 json | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap all... | 8.6 - HIGH | 2020-09-25 | 2021-08-17 |
| CVE-2020-15211 json | In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double ... | 4.8 - MEDIUM | 2020-09-25 | 2021-09-16 |
| CVE-2020-15210 json | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as bot... | 6.5 - MEDIUM | 2020-09-25 | 2021-11-18 |
| CVE-2020-15209 json | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as ... | 5.9 - MEDIUM | 2020-09-25 | 2021-09-16 |
| CVE-2020-15208 json | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two t... | 9.8 - CRITICAL | 2020-09-25 | 2021-09-16 |
| CVE-2020-15207 json | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TF... | 9 - CRITICAL | 2020-09-25 | 2021-11-18 |
| CVE-2020-15206 json | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer a... | 7.5 - HIGH | 2020-09-25 | 2021-09-16 |
| CVE-2020-15205 json | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` ... | 9.8 - CRITICAL | 2020-09-25 | 2021-11-18 |
| CVE-2020-15204 json | In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, callin... | 5.3 - MEDIUM | 2020-09-25 | 2021-09-16 |
| CVE-2020-15203 json | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_stri... | 7.5 - HIGH | 2020-09-25 | 2021-11-18 |
| CVE-2020-15202 json | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument ... | 9 - CRITICAL | 2020-09-25 | 2021-11-18 |
Known software with vulnerabilities from TensorFlow
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tensorflow | Tensorflow | - |