We regularly publish security advisories about using TensorFlow.
Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.
Advisory Number | Type | Versions affected | Reported by | Additional Information |
---|---|---|---|---|
TFSA-2021-166 | Use after free and segfault in shape inference functions | < 2.6.0 | (discovered internally) | |
TFSA-2021-165 | Segfault on strings tensors with mismatched dimensions, due to Go code | >=2.5.0, < 2.6.0 | (Reported on GitHub) | PR |
TFSA-2021-164 | FPE in LSH in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-163 | Null pointer dereference in TFLite MLIR optimizations | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-162 | Null pointer dereference in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-161 | Heap OOB in TFLite's Gather* implementations | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-160 | Heap OOB in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-159 | Infinite loop in TFLite | == 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-158 | FPE in TFLite pooling operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-157 | FPE in TFLite division operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-156 | Use of uninitialized value in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-155 | NPE in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-154 | Division by zero in TFLite | < 2.6.0 | Aivul Team from Qihoo 360, Yakun Zhang of Baidu Security | |
TFSA-2021-153 | Heap OOB in nested tf.map_fn with RaggedTensors | < 2.6.0 | Haris Sahovic | |
TFSA-2021-152 | Arbitrary code execution due to YAML deserialization | < 2.6.0 | Arjun Shibu | |
TFSA-2021-151 | Missing validation in shape inference for Dequantize | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-150 | Division by 0 in most convolution operators | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-149 | Reference binding to nullptr in shape inference | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-148 | Incomplete validation in MaxPoolGrad | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-147 | CHECK-fail in MapStage | < 2.6.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-146 | Heap OOB in SdcaOptimizerV2 | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-145 | Reference binding to nullptr in map operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-144 | Heap OOB in UpperBound and LowerBound | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-143 | Crash in NMS ops caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-142 | FPE in tf.raw_ops.UnravelIndex | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-141 | Reference binding to nullptr in unicode encoding | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-140 | Reference binding to nullptr in RaggedTensorToVariant | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-139 | Incomplete validation in MKL requantization | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-138 | Incomplete validation in QuantizeV2 | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-137 | Heap OOB in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-136 | Reference binding to nullptr in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-135 | Crash caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-134 | Division by 0 in inplace operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-133 | Reference binding to nullptr and heap OOB in binary cwise ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-132 | Reference binding to nullptr in MatrixSetDiagV* ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-131 | Reference binding to nullptr in MatrixDiagV* ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-130 | Reference binding to nullptr in RaggedTensorToSparse | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-129 | Heap OOB in ResourceScatterUpdate | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-128 | Heap OOB and CHECK fail in ResourceGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-127 | Division by 0 in ResourceGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-126 | Use after free in boosted trees creation | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-125 | Heap buffer overflow in FractionalAvgPoolGrad | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-124 | Segfault and heap buffer overflow in {Experimental,}DatasetToTFRecord | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-123 | Null pointer dereference in UncompressElement | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-122 | Incorrect validation of SaveV2 inputs | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-121 | Null pointer dereference in SparseTensorSliceDataset | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-120 | Bad alloc in StringNGrams caused by integer conversion | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-119 | Integer overflow due to conversion to unsigned | >=2.4.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-118 | Null pointer dereference in MatrixDiagPartOp | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-117 | std::abort raised from TensorListReserve | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-116 | Heap OOB in RaggedGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-115 | Division by 0 in ResourceScatterDiv | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-114 | Integer division by 0 in sparse reshaping | >=2.5.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-113 | Null pointer dereference and heap OOB read in operations restoring tensors | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-112 | Null pointer dereference in RaggedTensorToTensor | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-111 | Null pointer dereference in CompressElement | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-110 | Floating point exception in SparseDenseCwiseDiv | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-109 | Heap out of bounds access in sparse reduction operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-108 | Segfault in tf.raw_ops.ImmutableConst | < 2.5.0 | (discovered internally) | |
TFSA-2021-107 | Segfault in tf.raw_ops.SparseCountSparseOutput | < 2.5.0 | (discovered internally) | |
TFSA-2021-106 | Crash in tf.strings.substr due to CHECK-fail | < 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-105 | Crash in tf.transpose with complex inputs | < 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-104 | Null dereference in Grappler's TrySimplify | < 2.5.0 | (discovered internally) | |
TFSA-2021-103 | Stack overflow in ParseAttrValue with nested tensors | < 2.5.0 | (discovered internally) | |
TFSA-2021-102 | Interpreter crash from tf.io.decode_raw | < 2.5.0 | (discovered internally) | |
TFSA-2021-101 | Incomplete validation in tf.raw_ops.CTCLoss | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-100 | Heap buffer overflow in BandedTriangularSolve | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-099 | Invalid validation in QuantizeAndDequantizeV2 | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-098 | Incomplete validation in SparseReshape | >=2.3.0, < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-097 | Incomplete validation in SparseSparseMinimum | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-096 | Incomplete validation in SparseAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-095 | Heap OOB and null pointer dereference in RaggedTensorToTensor | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-094 | Heap OOB read in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-093 | Heap OOB write in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-092 | Integer overflow in TFLite memory allocation | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-091 | Integer overflow in TFLite concatenation | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-090 | Division by zero in TFLite's implementation of hashtable lookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-089 | Division by zero in TFLite's implementation of DepthwiseConv | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-088 | Division by zero in TFLite's implementation of OneHot | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-087 | Division by zero in TFLite's implementation of Split | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-086 | Division by zero in TFLite's implementation of SVDF | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-085 | Division by zero in TFLite's implementation of SpaceToBatchNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-084 | Division by zero in TFLite's implementation of BatchToSpaceNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-083 | Division by zero in TFLite's implementation of EmbeddingLookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-082 | Division by zero in TFLite's convolution code | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-081 | Division by zero in TFLite's implementation of DepthToSpace | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-080 | Stack overflow due to looping TFLite subgraph | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-079 | Null pointer dereference in TFLite's Reshape operator | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-078 | Heap OOB read in TFLite's implementation of Minimum or Maximum | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-077 | Division by zero in TFLite's implementation of TransposeConv | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-076 | Division by zero in TFLite's implementation of GatherNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-075 | Division by zero in TFLite's implementation of SpaceToDepth | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-074 | Division by zero in optimized pooling implementations in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-073 | Division by zero in padding computation in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-072 | Heap buffer overflow and undefined behavior in FusedBatchNorm | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-071 | CHECK-fail due to integer overflow | < 2.5.0 | University of Virginia and University of California, Santa Barbara | |
TFSA-2021-070 | Heap OOB read in tf.raw_ops.Dequantize | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-069 | Segfault in CTCBeamSearchDecoder | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-068 | Heap buffer overflow in MaxPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-067 | Heap buffer overflow in FractionalAvgPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-066 | Undefined behavior and CHECK-fail in FractionalMaxPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-065 | Heap buffer overflow in AvgPool3DGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-064 | Heap buffer overflow in MaxPool3DGradGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-063 | Undefined behavior in MaxPool3DGradGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-062 | Division by 0 in MaxPoolGradWithArgmax | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-061 | Overflow/denial of service in tf.raw_ops.ReverseSequence | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-060 | Reference binding to nullptr in SdcaOptimizer | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-059 | Memory corruption in DrawBoundingBoxesV2 | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-058 | Heap out of bounds read in RequantizationRange | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-057 | Heap out of bounds read in MaxPoolGradWithArgmax | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-056 | Lack of validation in SparseDenseCwiseMul | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-055 | Reference binding to null in ParameterizedTruncatedNormal | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-054 | Heap OOB access in Dilation2DBackpropInput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-053 | Null pointer dereference in SparseFillEmptyRows | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-052 | Null pointer dereference in EditDistance | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-051 | CHECK-fail in tf.raw_ops.RFFT | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-050 | CHECK-fail in tf.raw_ops.IRFFT | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-049 | CHECK-fail in LoadAndRemapMatrix | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-048 | Heap buffer overflow in RaggedTensorToTensor | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-047 | Heap OOB access in unicode ops | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-046 | Heap buffer overflow in SparseSplit | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-045 | Division by 0 in Reverse | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-044 | Division by 0 in SparseMatMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-043 | Division by 0 in FusedBatchNorm | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-042 | Division by 0 in DenseCountSparseOutput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-041 | CHECK-failure in UnsortedSegmentJoin | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-040 | Heap OOB in QuantizeAndDequantizeV3 | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-039 | OOB read in MatrixTriangularSolve | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-038 | Division by 0 in FractionalAvgPool | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-037 | Division by 0 in QuantizedAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-036 | Division by 0 in QuantizedBatchNormWithGlobalNormalization | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-035 | Heap out of bounds in QuantizedBatchNormWithGlobalNormalization | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-034 | Division by 0 in QuantizedBiasAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-033 | Heap buffer overflow in SparseTensorToCSRSparseMatrix | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-032 | CHECK-fail in CTCGreedyDecoder | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-031 | CHECK-fail in QuantizeAndDequantizeV4Grad | >= 2.4.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-030 | Null pointer dereference in StringNGrams | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-029 | Heap buffer overflow StringNGrams | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-028 | Heap buffer overflow Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-027 | Division by zero in Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-026 | Heap buffer overflow in QuantizedReshape | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-025 | Heap buffer overflow in QuantizedResizeBilinear | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-024 | CHECK-fail in SparseConcat | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-023 | Heap buffer overflow in QuantizedMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-022 | CHECK-fail in DrawBoundingBoxes | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-021 | Heap out of bounds read in RaggedCross | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-020 | CHECK-fail in tf.raw_ops.EncodePng | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-019 | Heap buffer overflow caused by rounding | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-018 | Invalid validation in SparseMatrixSparseCholesky | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-017 | Division by 0 in QuantizedMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-016 | Division by 0 in QuantizedConv2D | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-015 | Division by 0 in Conv2D | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-014 | Division by 0 in Conv2DBackpropInput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-013 | Division by 0 in Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-012 | CHECK-fail in AddManySparseToTensorsMap | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-011 | Division by 0 in Conv3DBackprop* | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-010 | Heap buffer overflow in Conv3DBackprop* | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-009 | Segfault in SparseCountSparseOutput | >= 2.3.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-008 | CHECK-fail in SparseCross due to type confusion | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-007 | Session operations in eager mode lead to null pointer dereferences | >= 2.0.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-006 | Division by zero in Conv3D | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-005 | Null pointer dereference via invalid Ragged Tensors | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-004 | Reference binding to null pointer in MatrixDiag* ops | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-003 | Type confusion during tensor casts lead to dereferencing null pointers | < 2.5.0 | Aivul Team from Qihoo 360; Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-002 | Heap out of bounds write in RaggedBinCount | >= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-001 | Heap buffer overflow in RaggedBinCount | >= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-034 | Heap out of bounds access in MakeEdge | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-033 | CHECK-fail in LSTM with zero-length input | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-032 | Heap out of bounds read in filesystem glob matching | 2.4.0-rc{0,1,2,3} | Aivul Team from Qihoo 360 | |
TFSA-2020-031 | Write to immutable memory region | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-030 | Lack of validation in data format attributes | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-029 | Uninitialized memory access in Eigen types | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-028 | Float cast overflow undefined behavior | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-027 | Segfault in tf.quantization.quantize_and_dequantize | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-026 | Segfault in tf.raw_ops.Switch in eager mode | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-025 | Undefined behavior in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-024 | Memory leak in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-023 | Memory corruption in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-022 | Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-021 | Heap buffer overflow in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-020 | Heap buffer overflow in weighted sparse count ops | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-019 | Crash due to invalid splits in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-018 | Heap buffer overflow due to invalid indices in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-017 | Abort due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-016 | Segfault due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-015 | Heap buffer overflow due to invalid splits in RaggedCountSparseOutput | 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-014 | Integer truncation in Shard API usage | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-013 | Format-string vulnerability in TensorFlow's as_string | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-012 | Segfault by calling session-only ops in eager mode | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-011 | Data leak in tf.raw_ops.StringNGrams | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-010 | Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults | >= 1.15.0, <= 2.3.0 | Shuaike Dong, Alipay Tian Qian Security Lab | issue report |
TFSA-2020-009 | Segfault and data corruption caused by negative indexing in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-008 | Data corruption due to dimension mismatch in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-007 | Null pointer dereference in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360, variant analysis | |
TFSA-2020-006 | Segmentation fault and/or data corruption due to invalid TFLite model | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-005 | Out of bounds access in TFLite operators | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-004 | Out of bounds access in TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-003 | Denial of service from TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-002 | Out of bounds write in TFLite implementation of segment sum | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-001 | Segmentation fault when converting a Python string to tf.float16 | >= 1.12.0, <= 2.1 | (found internally) | |
TFSA-2019-002 | Heap buffer overflow in UnsortedSegmentSum | <= 1.14 | (found internally) | |
TFSA-2019-001 | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab | |
TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
- | Out Of Bounds Read | <= 1.4 | Blade Team of Tencent | issue report |