{"ok":true,"source":"avidml/avid-db","source_license":"MIT","capturedAt":"2026-06-10T03:00:28.984Z","total_in_snapshot":50,"returned_count":25,"entries":[{"report_id":"AVID-2026-R1002","data_version":"0.3.3","reported_date":"2022-02-15","developers":["Jenkins project"],"deployers":["Jenkins project"],"artifacts":[{"type":"System","name":"Jenkins Checkmarx Plugin"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\nReason for inclusion in AVID: CVE-2022-25201 describes a credential leakage vulnerability in the Jenkins Checkmarx Plugin (older versions) where an attacker with basic Jenkins permissions can exfiltrate credentials by connecting to an attacker-controlled server. Jenkins and its plugins are widely used in CI/CD pipelines that build, test, and deploy AI software, models, and data pipelines. Therefore, this is a software supply chain vulnerability that can impact general-purpose AI systems when such CI/CD components are part of their build/deploy workflow. 
It is an actionable security flaw (credential theft) with clear impact in software supply chains, not hardware-only.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-25201"},{"type":"source","label":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017","url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R1002.json"},{"report_id":"AVID-2026-R1001","data_version":"0.3.3","reported_date":"2022-03-17","developers":["gradio-app"],"deployers":["gradio-app"],"artifacts":[{"type":"System","name":"gradio"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.\n\nReason for inclusion in AVID: CVE-2022-24770 describes a security vulnerability in the Gradio AI tooling library where saved CSV outputs can be manipulated to trigger Excel formula execution, potentially leading to arbitrary command execution. 
Gradio is used in AI model demos and pipelines; the issue involves a software dependency used to build/run AI systems, and it is clearly a security flaw with CVE coverage and a public fix. This aligns with AI-related software supply chain vulnerabilities.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-24770"},{"type":"source","label":"https://github.com/gradio-app/gradio/security/advisories/GHSA-f8xq-q7px-wg8c","url":"https://github.com/gradio-app/gradio/security/advisories/GHSA-f8xq-q7px-wg8c"},{"type":"source","label":"https://github.com/gradio-app/gradio/pull/817","url":"https://github.com/gradio-app/gradio/pull/817"},{"type":"source","label":"https://github.com/gradio-app/gradio/commit/80fea89117358ee105973453fdc402398ae20239","url":"https://github.com/gradio-app/gradio/commit/80fea89117358ee105973453fdc402398ae20239"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R1001.json"},{"report_id":"AVID-2026-R1000","data_version":"0.3.3","reported_date":"2022-03-31","developers":["jupyter"],"deployers":["jupyter"],"artifacts":[{"type":"System","name":"notebook"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. 
There are currently no known workarounds.\n\nReason for inclusion in AVID: CVE-2022-24758 describes a vulnerability in Jupyter Notebook server where 5xx errors cause sensitive information (auth cookies and headers) to be logged, enabling unauthorized access via log files. This is a software vulnerability affecting a widely-used AI tooling component, impacting the software supply chain for AI systems (development/deployment environments rely on Jupyter). The CVE provides clear evidence (affected versions, patch details, advisory) and indicates high risk, with no known workarounds and a patch available in 6.4.x. Therefore it should be kept for AVID curation as a software-supply-chain-relevant vulnerability in AI stacks.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-24758"},{"type":"source","label":"https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55","url":"https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R1000.json"},{"report_id":"AVID-2026-R0999","data_version":"0.3.3","reported_date":"2022-03-23","developers":["jupyter-server"],"deployers":["jupyter-server"],"artifacts":[{"type":"System","name":"jupyter_server"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. 
Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.\n\nReason for inclusion in AVID: CVE-2022-24757 describes a software vulnerability in Jupyter Server where sensitive authentication data could be written to server logs, enabling leakage of cookies. This is a software issue affecting a component (Jupyter Server) commonly used in AI development and deployment pipelines (not hardware/firmware). It directly impacts the security of AI workflows by potentially exposing credentials. The report provides CVE details, affected version range, and a patch, satisfying AVID evidence requirements. This vulnerability sits in the software supply chain (dependencies/runtimes used in AI systems).","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-24757"},{"type":"source","label":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr","url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr"},{"type":"source","label":"https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a","url":"https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0999.json"},{"report_id":"AVID-2026-R0998","data_version":"0.3.3","reported_date":"2022-07-24","developers":["Apache Software Foundation"],"deployers":["Apache Software Foundation"],"artifacts":[{"type":"System","name":"Apache MXNet"}],"problem_class":"CVE 
Entry","problem_type":"Advisory","description":"A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.\n\nReason for inclusion in AVID: CVE-2022-24294 describes a denial-of-service vulnerability in Apache MXNet's RTC module caused by a crafted model load operation (excessive resource consumption due to a regular expression). This affects the MXNet framework, a core AI software component used to build/train/deploy ML models, making it a software supply-chain issue within AI stacks. It is a security vulnerability (DoS) with explicit impact details and affected versions.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-24294"},{"type":"source","label":"https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o","url":"https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o"},{"type":"source","label":"http://www.openwall.com/lists/oss-security/2022/07/24/2","url":"http://www.openwall.com/lists/oss-security/2022/07/24/2"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0998.json"},{"report_id":"AVID-2026-R0997","data_version":"0.3.3","reported_date":"2022-09-23","developers":["Apache Software Foundation"],"deployers":["Apache Software Foundation"],"artifacts":[{"type":"System","name":"Apache Pulsar"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP 
connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.\n\nReason for inclusion in AVID: CVE-2022-24280 describes an improper input validation vulnerability in the Apache Pulsar Proxy that can be exploited to perform DoS by making TCP/IP connection attempts from the proxy's IP. Pulsar Proxy is a software component commonly used in data pipelines and AI/ML workloads (data ingestion/streaming) and thus is a software supply-chain element relevant to general-purpose AI systems. 
The CVE provides explicit vulnerability behavior and affected versions, giving sufficient evidence for inclusion.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-24280"},{"type":"source","label":"https://lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v","url":"https://lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0997.json"},{"report_id":"AVID-2026-R0996","data_version":"0.3.3","reported_date":"2022-08-05","developers":["GitLab"],"deployers":["GitLab"],"artifacts":[{"type":"System","name":"GitLab"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.\n\nReason for inclusion in AVID: The CVE describes a vulnerability in GitLab that can be exploited via crafted branch names to facilitate supply chain attacks by manipulating pinned commits. GitLab is a core component used in software supply chains and commonly used in AI development pipelines (CI/CD, artifact hosting). This is a security vulnerability with clear impact on integrity, and the report provides signal (CVE entry, description, CVSS). 
Therefore it should be curated as a vulnerability in the AI supply chain.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-2417"},{"type":"source","label":"https://gitlab.com/gitlab-org/gitlab/-/issues/361179","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/361179"},{"type":"source","label":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2417.json","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2417.json"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0996.json"},{"report_id":"AVID-2026-R0995","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23595 describes a null pointer dereference in TensorFlow during XLA cache construction, a software vulnerability in a core AI framework. TensorFlow is a key component in AI software stacks, so this affects the AI software supply chain (dependencies/frameworks used to build/train/deploy AI systems). 
The report provides CVE details, affected versions, and references, supporting evidence for a security vulnerability in the AI pipeline.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23595"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8","url":"https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104","url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0995.json"},{"report_id":"AVID-2026-R0994","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. 
These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.\n\nReason for inclusion in AVID: CVE-2022-23594 is a software vulnerability in TensorFlow (an AI framework). It affects the software stack used to build/train/deploy AI systems (GraphDef to MLIR conversion), making it a software supply-chain issue for general-purpose AI systems. It is a CVE-style security vulnerability (out-of-bounds read) with clear impact details, affecting AI software components rather than hardware/firmware alone.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23594"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport","url":"https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0994.json"},{"report_id":"AVID-2026-R0993","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. 
The fix will be included in TensorFlow 2.8.0. This is the only affected version.\n\nReason for inclusion in AVID: CVE-2022-23593 describes a segfault vulnerability in TensorFlow's MLIR-TFRT path that can cause denial of service when invoked with scalar shapes. TensorFlow is a core AI/ML framework, and this vulnerability affects software used to build/train/deploy AI systems, impacting the AI software supply chain. The report includes CVE details, affected components, and a fix timeline, providing clear evidence for inclusion.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23593"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a","url":"https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205","url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0993.json"},{"report_id":"AVID-2026-R0992","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source 
Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.\n\nReason for inclusion in AVID: The CVE describes a heap/out-of-bounds read vulnerability in TensorFlow's type inference, affecting an AI framework used to build/train/deploy AI systems. It is a software vulnerability in a core AI supply-chain component (TensorFlow), not hardware/firmware. The report provides affected versions and remediation, indicating an exploitable security flaw relevant to AI pipelines.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23592"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd","url":"https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229","url":"https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0992.json"},{"report_id":"AVID-2026-R0991","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"ar
tifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23591 describes a stack overflow in TensorFlow's GraphDef processing that can be triggered during loading of a SavedModel, causing a potential denial of service. TensorFlow is a core AI framework; this vulnerability affects software components used to build, train, deploy, or serve AI models, representing a software supply chain issue in AI stacks. 
The report includes CVE details, affected versions, and CVSS-based impact, signaling a security vulnerability.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23591"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c","url":"https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0991.json"},{"report_id":"AVID-2026-R0990","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the corresponding `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23589 describes a null pointer dereference in TensorFlow Grappler IsConstant, a vulnerability in a widely-used AI/ML software stack (TensorFlow). It affects the Grappler component used during graph optimization in TensorFlow, and can be triggered by crafted SavedModel inputs, leading to a crash (availability impact). This is a software supply-chain issue in a core AI framework/dependency used to build and run general-purpose AI systems; it is not hardware/firmware-only. Sufficient evidence: the report includes CVE details, affected versions, impact, remediation/commit references, and links.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23589"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf","url":"https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1","url":"https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"},{"t
ype":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0990.json"},{"report_id":"AVID-2026-R0989","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23587 describes an integer overflow in TensorFlow's Grappler cost estimator, a core AI framework component. This affects the software stack used to build, train, deploy, and run AI models, i.e., a general-purpose AI system supply chain component. It is a vulnerability with potential security impact (undefined behavior, potential exploitation), and the report provides explicit references (CVE entry, GitHub advisory/commit). 
Therefore it satisfies all AVID criteria for AI-related, GP AI supply chain, security/safety vulnerability, with sufficient evidence.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23587"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8jj7-5vxc-pg2q"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f","url":"https://github.com/tensorflow/tensorflow/commit/0aaaae6eca5a7175a193696383f582f53adab23f"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L2621-L2689"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0989.json"},{"report_id":"AVID-2026-R0988","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23586 describes a vulnerability in TensorFlow where a crafted SavedModel can trigger assertions and crash the Python interpreter, causing a denial of service. TensorFlow is a core AI/ML framework, and this vulnerability affects the software stack used to build, train, deploy, and run general-purpose AI systems (e.g., models and serving pipelines). The report provides explicit evidence (CVE, affected versions, fixed versions, CVSS details, and references), satisfying the criteria for a software supply-chain vulnerability in AI systems.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23586"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645","url":"https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2","url":"https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0
988.json"},{"report_id":"AVID-2026-R0987","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error cases in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23585 describes a memory leak in TensorFlow's PNG decoding path, a core AI software stack dependency. The issue can cause resource exhaustion (memory leak) via error paths in image decoding, affecting AI model training/inference pipelines that rely on TensorFlow. It is a software supply chain vulnerability since it resides in a widely used AI framework and impacts components used to build/run AI systems. The report provides CVE details, affected components, and references, supporting classification as a security/safety vulnerability with actionable fixes. 
Therefore, it satisfies all four label checks.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23585"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9","url":"https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0987.json"},{"report_id":"AVID-2026-R0986","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23584 describes a use-after-free vulnerability in TensorFlow's PNG decoding path. 
TensorFlow is a core AI framework used in ML pipelines, so this is a software vulnerability in a component commonly used to build/train/deploy AI systems. It affects software supply chain aspects (dependencies/frameworks) rather than hardware/firmware. The CVE includes explicit security impact, affected software, and references to fixes, meeting criteria for AI relevance, supply chain relevance, and security impact.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23584"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b","url":"https://github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L339-L346"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0986.json"},{"report_id":"AVID-2026-R0985","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. 
This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23583 describes a vulnerability in TensorFlow where a crafted SavedModel can trigger CHECK failures, leading to a denial of service. This affects an AI framework used to build/deploy ML systems, and involves processing of model artifacts and runtime components. As a vulnerability in a software dependency used in AI pipelines (not hardware/firmware), it is relevant to the AI supply chain (dependencies, runtimes, model-serving/tools). 
The report provides specific details, affected versions, and remediation, constituting sufficient evidence.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23583"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9","url":"https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0985.json"},{"report_id":"AVID-2026-R0984","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23582 describes a vulnerability in TensorFlow (an Open Source ML framework) where an attacker can cause a denial of service by altering a SavedModel, triggering CHECK failures. This directly concerns AI/ML software stacks and frameworks, is present in a widely used component in AI pipelines, and has explicit CVE details, affected versions, and a fix. Therefore it is an AI software supply-chain vulnerability affecting general-purpose AI systems, with clear security impact and sufficient evidence.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23582"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02","url":"https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0984.json"},{"report_id":"AVID-2026-R0983","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE 
Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23581 describes a denial-of-service vulnerability in TensorFlow's Grappler optimizer triggered by crafted SavedModel graphs, affecting TensorFlow (a core AI framework). This concerns software used to build/train/deploy AI systems, i.e., a component of the AI software stack, not hardware-only. The CVE entry provides explicit impact, affected versions, and fixes, offering sufficient evidence for a security vulnerability in the AI software supply chain.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD 
entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23581"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082","url":"https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6","url":"https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1","url":"https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0983.json"},{"report_id":"AVID-2026-R0982","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23580 describes a vulnerability in TensorFlow where shape inference can allocate a large vector based on user-controlled input, causing uncontrolled resource consumption (DoS). TensorFlow is a core AI framework used in building and running ML pipelines, so this is a software vulnerability affecting AI systems. The CVE includes explicit impact, affected versions, and references, providing clear evidence of a security vulnerability in a software component integral to AI supply chains.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23580"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7","url":"https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0982.json"},{"report_id":"AVID-2026-R0981","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE 
Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: The candidate describes CVE-2022-23579, a security vulnerability in TensorFlow's Grappler that can cause a denial of service by altering a SavedModel. TensorFlow is an AI framework widely used in ML model build/train/deploy pipelines. The issue affects software components used to build/run general-purpose AI systems, representing a software supply-chain vulnerability within AI tooling. The description provides CVE details, affected versions, impact (DoS), and references, supporting evidence for classification.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD 
entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23579"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662","url":"https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0981.json"},{"report_id":"AVID-2026-R0980","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: TensorFlow is an AI framework used in ML pipelines. The CVE-2022-23578 describes a memory leak vulnerability in TensorFlow (software component used in AI systems), with evidence of affected versions and a fix. 
This maps to a software supply chain issue in AI stacks (dependencies/runtimes) and is within the scope of AVID’s AI supply chain focus.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23578"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8r7c-3cm2-3h8f"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd","url":"https://github.com/tensorflow/tensorflow/commit/c79ccba517dbb1a0ccb9b01ee3bd2a63748b60dd"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/common_runtime/immutable_executor_state.cc#L84-L262"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0980.json"},{"report_id":"AVID-2026-R0979","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23577 describes a null pointer dereference in TensorFlow, a widely-used AI framework. 
It affects software used to build/train/serve AI systems (dependency in ML pipelines). It is a security/safety vulnerability with availability impact (crash). Evidence is provided (CVE entry, advisory, commit). Therefore it should be kept for AVID curation as a software supply-chain vulnerability in general-purpose AI systems.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23577"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250","url":"https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/cc/saved_model/loader_util.cc#L31-L61"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0979.json"},{"report_id":"AVID-2026-R0978","data_version":"0.3.3","reported_date":"2022-02-04","developers":["tensorflow"],"deployers":["tensorflow"],"artifacts":[{"type":"System","name":"tensorflow"}],"problem_class":"CVE Entry","problem_type":"Advisory","description":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with a large enough number of elements. 
We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\nReason for inclusion in AVID: CVE-2022-23576 is an integer overflow vulnerability in TensorFlow's OpLevelCostEstimator that affects TensorFlow versions and can impact AI software stacks. TensorFlow is a core AI framework used in training/deploying AI systems; this is a software supply-chain vulnerability in a dependency commonly used in general-purpose AI pipelines. The issue is security-related (overflow, potential crash/DoS) and enough evidence is provided in the advisory, with CVSS metrics and affected versions.","risk_domains":["Security"],"sep_view":["S0100: Software Vulnerability"],"lifecycle_view":["L06: Deployment"],"taxonomy_version":"0.2","metrics":[],"references":[{"type":"source","label":"NVD 
entry","url":"https://www.cve.org/CVERecord?id=CVE-2022-23576"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae","url":"https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae"},{"type":"source","label":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617","url":"https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1598-L1617"}],"credit":[],"avid_url":"https://github.com/avidml/avid-db/blob/main/reports/2026/AVID-2026-R0978.json"}],"attribution":{"source":"AVID (AI Vulnerability Database) - github.com/avidml/avid-db","license":"MIT. Redistribution permitted with attribution.","notes":"TensorFeed mirrors the ~50 most-recent reports. Derived per-vendor and per-risk-domain exposure on /api/premium/ai-safety/incidents/exposure."}}