Known Vulnerabilities for products from TensorFlow

Listed below are 20 of the newest known vulnerabilities associated with the vendor "TensorFlow".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-2492 json Not Provided 2026-02-20 2026-06-30
CVE-2026-1462 json Not Provided 2026-04-13 2026-07-10
CVE-2021-35958 json ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.uti... 9.1 - CRITICAL 2021-06-30 2023-11-07
CVE-2020-26269 json In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing patte... 7.5 - HIGH 2020-12-10 2021-08-17
CVE-2020-26267 json In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format at... 7.8 - HIGH 2020-12-10 2021-08-17
CVE-2020-15266 json In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU k... 7.5 - HIGH 2020-10-21 2021-11-18
CVE-2020-15265 json In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`... 7.5 - HIGH 2020-10-21 2021-08-17
CVE-2020-15214 json In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fa... 8.1 - HIGH 2020-09-25 2021-08-17
CVE-2020-15213 json In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an ou... 4 - MEDIUM 2020-09-25 2021-11-18
CVE-2020-15212 json In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap all... 8.6 - HIGH 2020-09-25 2021-08-17
CVE-2020-15211 json In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double ... 4.8 - MEDIUM 2020-09-25 2021-09-16
CVE-2020-15210 json In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as bot... 6.5 - MEDIUM 2020-09-25 2021-11-18
CVE-2020-15209 json In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as ... 5.9 - MEDIUM 2020-09-25 2021-09-16
CVE-2020-15208 json In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two t... 9.8 - CRITICAL 2020-09-25 2021-09-16
CVE-2020-15207 json In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TF... 9 - CRITICAL 2020-09-25 2021-11-18
CVE-2020-15206 json In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer a... 7.5 - HIGH 2020-09-25 2021-09-16
CVE-2020-15205 json In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` ... 9.8 - CRITICAL 2020-09-25 2021-11-18
CVE-2020-15204 json In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, callin... 5.3 - MEDIUM 2020-09-25 2021-09-16
CVE-2020-15203 json In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_stri... 7.5 - HIGH 2020-09-25 2021-11-18
CVE-2020-15202 json In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument ... 9 - CRITICAL 2020-09-25 2021-11-18

Known software with vulnerabilities from TensorFlow

Type Vendor Product Version
ApplicationTensorflowTensorflow-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report