Versions
= 2.0.0
< 1.15.2
= 2.2.0
>= 2.2.0, < 2.2.1
>= 2.3.0, < 2.3.2
>= 2.8.0rc0, < 2.8.1
< 2.5.3
< 2.4.4
< 2.11.1
< 2.3.3
>=2.3.0, < 2.3.3
>= 2.6.0, < 2.6.1
= 2.8.0-rc0
< 2.3.4
>= 2.4.0, < 2.4.3
< 2.7.4
.4.0rc*
>= 2.8.0, < 2.8.1
>= 2.1.0, < 2.1.2
>= 2.0.0, < 2.0.3
< 2.4.0
>= 2.4.0, < 2.4.2
>= 2.10.0, < 2.10.1
== 2.8.0
>= 2.3.0, < 2.3.3
>= 2.1.0, < 2.1.3
>= 2.7.0, < 2.7.1
< 2.1.1
< 2.6.4
= 2.3.0
>= 2.9.0, < 2.9.1
>= 2.6.0, < 2.6.3
< 2.8.0
>= 2.5.0, < 2.5.2
< 2.4.3
>= 2.5.0, < 2.5.1
>= 2.7.0, < 2.8.0
< 2.1.4
< 2.8.4
< 2.5.1
0
>= 2.3.0, < 2.3.1
>= 2.6.0rc0, < 2.6.0rc2
>= 2.2.0, < 2.2.3
< 2.13.0
>= 2.7.0rc0, < 2.7.2
< 1.15.5
< 1.15.4
< 1.15
>= 2.2.0, < 2.2.2
< 2.9.3
>= 2.0.0, < 2.0.4
>= 2.9.0, < 2.9.3
< 2.7.2
>= 2.9.0rc0, < 2.9.0
Recent CVEs
CVE-2023-33976
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
CVE-2024-3660
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
CVE-2023-25659
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-25662
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-25663
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.
CVE-2023-25667
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-25666
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-25670
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-25672
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-25674
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.