TensorFlow — CVE history (PyPI)

TensorFlow

404 CVEs affect the TensorFlow PyPI package (highest CVSS 9.8). Latest disclosed: 2026-02-20. Full CVE history sourced from NVD.

Summary

Package
TensorFlow (PyPI)
Total CVEs
404
Actively exploited (CISA KEV)
0
Highest CVSS
9.8
Latest disclosed
2026-02-20

Recent CVEs (top 20)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-2492High7.02026-02-20TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability.
CVE-2025-06492025-05-06Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
CVE-2023-33976High7.52024-07-30TensorFlow is an end-to-end open source platform for machine learning.
CVE-2023-30767Medium5.52024-02-14Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25661Medium6.52023-03-27TensorFlow is an Open Source Machine Learning Framework.
CVE-2023-25660High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25659High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25658High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25662High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25663High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25664High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25667Medium6.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25666High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25665High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25668Critical9.82023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25669High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25670High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25671High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25672High7.52023-03-24TensorFlow is an open source platform for machine learning.
CVE-2023-25673High7.52023-03-24TensorFlow is an open source platform for machine learning.

All-time worst (top 10 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2023-25668Critical9.82023-03-24TensorFlow is an open source platform for machine learning.
CVE-2021-37678Critical9.32021-08-12TensorFlow is an end-to-end open source platform for machine learning.
CVE-2020-15202Critical9.02020-09-25In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments.
CVE-2020-15205Critical9.02020-09-25In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation.
CVE-2020-15206Critical9.02020-09-25In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model.
CVE-2022-23561High8.82022-02-04Tensorflow is an Open Source Machine Learning Framework.
CVE-2022-23559High8.82022-02-04Tensorflow is an Open Source Machine Learning Framework.
CVE-2022-23560High8.82022-02-04Tensorflow is an Open Source Machine Learning Framework.
CVE-2022-23574High8.82022-02-04Tensorflow is an Open Source Machine Learning Framework.
CVE-2022-23566High8.82022-02-04Tensorflow is an Open Source Machine Learning Framework.