AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,140

AI/ML CVEs Tracked

171

Critical

228

New This Week

2

In CISA KEV

Weekly CISO Take + top threats

Get the week's most critical AI security threats delivered every Monday. Free, no spam.

Sort: Date CVSS EPSS KEV first
Filter: All Critical High Medium KEV only Has patch No patch

Latest AI Security Threats

Showing 11 of 311 results — Medium severity, no patch
MEDIUM CVE-2020-15204

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results...

CVSS 5.3 tensorflow
View details
MEDIUM CVE-2020-15201

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the...

CVSS 4.8 tensorflow CWE-787
View details
MEDIUM CVE-2020-15200

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the...

CVSS 5.9 tensorflow CWE-787
View details
MEDIUM CVE-2020-15199

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor...

CVSS 5.9 tensorflow CWE-20
View details
MEDIUM CVE-2020-15198

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the...

CVSS 5.4 tensorflow CWE-119
View details
MEDIUM CVE-2020-15197

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the...

CVSS 6.3 tensorflow
View details
MEDIUM CVE-2020-15194

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although...

CVSS 5.3 tensorflow CWE-617
View details
MEDIUM CVE-2020-15192

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the...

CVSS 4.3 tensorflow CWE-20
View details
MEDIUM CVE-2020-15191

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status`...

CVSS 5.3 tensorflow CWE-252
View details
MEDIUM CVE-2020-15190

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value,...

CVSS 5.3 tensorflow CWE-476
View details
MEDIUM CVE-2018-21233

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP...

CVSS 6.5 tensorflow CWE-125
View details

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial