chore(findings): opensource/tensorflow/tensorflow-serving

Summary

opensource/tensorflow/tensorflow-serving has 132 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.5 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/tensorflow/tensorflow-serving&tag=2.18.0-ubi9&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	epss_score	kev
CVE-2024-1931	Twistlock CVE	Medium	unbound-1.16.2-19.el9_6.1	0.06753	false
CVE-2024-1931	Anchore CVE	Medium	unbound-libs-1.16.2-19.el9_6.1	0.06753	false
CVE-2024-33655	Twistlock CVE	Low	unbound-1.16.2-19.el9_6.1	0.04101	false
CVE-2024-33655	Anchore CVE	Low	unbound-libs-1.16.2-19.el9_6.1	0.04101	false
CVE-2024-7264	Twistlock CVE	Low	curl-7.76.1-31.el9_6.1	0.03211	false
CVE-2024-7264	Anchore CVE	Low	libcurl-minimal-7.76.1-31.el9_6.1	0.03211	false
CVE-2024-7264	Anchore CVE	Low	curl-minimal-7.76.1-31.el9_6.1	0.03211	false
CVE-2024-56433	Anchore CVE	Low	shadow-utils-2:4.9-12.el9	0.02806	false
CVE-2024-9681	Twistlock CVE	Low	curl-7.76.1-31.el9_6.1	0.00488	false
CVE-2024-9681	Anchore CVE	Low	libcurl-minimal-7.76.1-31.el9_6.1	0.00488	false
CVE-2024-9681	Anchore CVE	Low	curl-minimal-7.76.1-31.el9_6.1	0.00488	false
CVE-2024-11053	Twistlock CVE	Low	curl-7.76.1-31.el9_6.1	0.00239	false
CVE-2024-11053	Anchore CVE	Low	libcurl-minimal-7.76.1-31.el9_6.1	0.00239	false
CVE-2024-11053	Anchore CVE	Low	curl-minimal-7.76.1-31.el9_6.1	0.00239	false
CVE-2024-0397	Anchore CVE	Low	python3-libs-3.9.21-2.el9_6.2	0.00226	false
CVE-2024-0397	Anchore CVE	Low	python3-3.9.21-2.el9_6.2	0.00226	false
CVE-2024-34459	Twistlock CVE	Low	libxml2-2.9.13-12.el9_6	0.00208	false
CVE-2024-34459	Anchore CVE	Low	libxml2-2.9.13-12.el9_6	0.00208	false
CVE-2025-1153	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00185	false
CVE-2025-1153	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00185	false
CVE-2025-1795	Twistlock CVE	Low	python3.9-3.9.21-2.el9_6.2	0.00184	false
CVE-2025-1795	Anchore CVE	Low	python3-3.9.21-2.el9_6.2	0.00184	false
CVE-2025-1795	Anchore CVE	Low	python3-libs-3.9.21-2.el9_6.2	0.00184	false
CVE-2023-32636	Twistlock CVE	Low	glib2-2.68.4-16.el9_6.2	0.00179	false
CVE-2023-32636	Anchore CVE	Low	glib2-2.68.4-16.el9_6.2	0.00179	false
CVE-2025-1632	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00136	false
CVE-2025-1632	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00136	false
CVE-2021-45941	Twistlock CVE	Medium	libbpf-1.5.0-1.el9	0.00117	false
CVE-2021-45941	Anchore CVE	Medium	libbpf-2:1.5.0-1.el9	0.00117	false
CVE-2021-45940	Twistlock CVE	Medium	libbpf-1.5.0-1.el9	0.00117	false
CVE-2021-45940	Anchore CVE	Low	libbpf-2:1.5.0-1.el9	0.00117	false
CVE-2025-8194	Anchore CVE	Medium	python3-3.9.21-2.el9_6.2	0.00096	false
CVE-2025-8194	Anchore CVE	Medium	python3-libs-3.9.21-2.el9_6.2	0.00096	false
CVE-2025-6069	Twistlock CVE	Medium	python3.9-3.9.21-2.el9_6.2	0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python3-libs-3.9.21-2.el9_6.2	0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python3-3.9.21-2.el9_6.2	0.00090	false
CVE-2025-1152	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00081	false
CVE-2025-1152	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00081	false
CVE-2025-1150	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00081	false
CVE-2025-1150	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00081	false
CVE-2023-45322	Anchore CVE	Low	libxml2-2.9.13-12.el9_6	0.00076	false
CVE-2025-1151	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00075	false
CVE-2025-1151	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00075	false
CVE-2025-32990	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	0.00072	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	0.00072	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-3.8.3-6.el9	0.00072	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	0.00072	false
CVE-2025-1377	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00065	false
CVE-2025-1377	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00065	false
CVE-2025-1377	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00065	false
CVE-2025-1377	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00065	false
CVE-2025-6395	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	0.00057	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-3.8.3-6.el9	0.00057	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	0.00057	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	0.00057	false
CVE-2025-32988	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	0.00056	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	0.00056	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-3.8.3-6.el9	0.00056	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	0.00056	false
CVE-2025-27113	Twistlock CVE	Low	libxml2-2.9.13-12.el9_6	0.00055	false
CVE-2025-27113	Anchore CVE	Low	libxml2-2.9.13-12.el9_6	0.00055	false
CVE-2025-3360	Twistlock CVE	Low	glib2-2.68.4-16.el9_6.2	0.00054	false
CVE-2025-3360	Anchore CVE	Low	glib2-2.68.4-16.el9_6.2	0.00054	false
CVE-2023-50495	Twistlock CVE	Low	ncurses-6.2-10.20210508.el9_6.2	0.00050	false
CVE-2023-50495	Anchore CVE	Low	ncurses-base-6.2-10.20210508.el9_6.2	0.00050	false
CVE-2023-50495	Anchore CVE	Low	ncurses-libs-6.2-10.20210508.el9_6.2	0.00050	false
CVE-2025-1376	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00048	false
CVE-2025-1376	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00048	false
CVE-2025-1376	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00048	false
CVE-2025-1376	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00048	false
CVE-2025-4598	Twistlock CVE	Medium	systemd-252-51.el9_6.1	0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-rpm-macros-252-51.el9_6.1	0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-252-51.el9_6.1	0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-pam-252-51.el9_6.1	0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-libs-252-51.el9_6.1	0.00037	false
CVE-2024-43167	Twistlock CVE	Low	unbound-1.16.2-19.el9_6.1	0.00032	false
CVE-2024-43167	Anchore CVE	Low	unbound-libs-1.16.2-19.el9_6.1	0.00032	false
CVE-2024-43168	Twistlock CVE	Low	unbound-1.16.2-19.el9_6.1	0.00031	false
CVE-2024-43168	Anchore CVE	Low	unbound-libs-1.16.2-19.el9_6.1	0.00031	false
CVE-2025-7039	Twistlock CVE	Low	glib2-2.68.4-16.el9_6.2	0.00029	false
CVE-2025-1371	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00029	false
CVE-2025-1371	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00029	false
CVE-2025-1371	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00029	false
CVE-2025-1371	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00029	false
CVE-2025-32989	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	0.00026	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	0.00026	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	0.00026	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-3.8.3-6.el9	0.00026	false
CVE-2025-8941	Anchore CVE	High	pam-1.5.1-26.el9_6	0.00024	false
CVE-2024-57360	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00024	false
CVE-2024-57360	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00024	false
CVE-2025-5245	Twistlock CVE	Medium	gdb-14.2-4.1.el9_6	0.00022	false
CVE-2025-5245	Anchore CVE	Medium	gdb-gdbserver-14.2-4.1.el9_6	0.00022	false
CVE-2025-6170	Twistlock CVE	Low	libxml2-2.9.13-12.el9_6	0.00021	false
CVE-2025-6170	Anchore CVE	Low	libxml2-2.9.13-12.el9_6	0.00021	false
CVE-2025-4516	Twistlock CVE	Medium	python3.9-3.9.21-2.el9_6.2	0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python3-libs-3.9.21-2.el9_6.2	0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python3-3.9.21-2.el9_6.2	0.00021	false
CVE-2025-5918	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00018	false
CVE-2025-5918	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00018	false
CVE-2025-5278	Twistlock CVE	Medium	coreutils-8.32-39.el9	0.00018	false
CVE-2025-5278	Anchore CVE	Medium	coreutils-single-8.32-39.el9	0.00018	false
CVE-2024-0232	Twistlock CVE	Low	sqlite-3.34.1-8.el9_6	0.00018	false
CVE-2024-0232	Anchore CVE	Low	sqlite-libs-3.34.1-8.el9_6	0.00018	false
CVE-2025-5916	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00017	false
CVE-2025-5916	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00017	false
CVE-2025-5917	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00015	false
CVE-2025-5917	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00015	false
CVE-2025-5915	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00014	false
CVE-2025-5915	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00014	false
CVE-2024-25260	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00014	false
CVE-2022-47011	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00014	false
CVE-2022-47011	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00014	false
CVE-2022-47010	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00014	false
CVE-2022-47010	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00014	false
CVE-2022-47007	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00014	false
CVE-2022-47007	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00014	false
CVE-2023-30571	Twistlock CVE	Medium	libarchive-3.5.3-6.el9_6	0.00013	false
CVE-2023-30571	Anchore CVE	Medium	libarchive-3.5.3-6.el9_6	0.00013	false
CVE-2025-3198	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00011	false
CVE-2025-3198	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00011	false
CVE-2022-3606	Twistlock CVE	Low	libbpf-1.5.0-1.el9	0.00010	false
CVE-2022-3606	Anchore CVE	Low	libbpf-2:1.5.0-1.el9	0.00010	false
CVE-2025-9714	Twistlock CVE	Medium	libxml2-2.9.13-12.el9_6	N/A	false
CVE-2023-2222	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	N/A	false
e07d84b039b0e6fcea42fbda1d378647	Anchore Compliance	Critical		N/A	N/A
b18c88ddeab24abfb92ae2ccddb0b022	Anchore Compliance	Low		N/A	N/A
addbb93c22e9b0988b8b40392a4538cb	Anchore Compliance	Low		N/A	N/A
CCE-83450-7	OSCAP Compliance	High		N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/tensorflow/tensorflow-serving&tag=2.18.0-ubi9&branch=master

Novel Tidelift Findings (Experimental)

opensource/tensorflow/tensorflow-serving has 11 novel Tidelift findings discovered during continuous monitoring.

NOTE: This table is for Iron Bank evaluation and testing purposes. No action required by vendors.

id	cvss score	package	impact	workaround	epss_score	kev
CVE-2024-6345	8.8	setuptools-53.0.0	Most users have migrated off of the code paths that are affected. The affected code paths are actively deprecated and planned for turn down. Only specialized and legacy workflows are affected.	Use recommended installers pip, uv, build, system package managers to install all packages from trusted indexes. If working with untrusted content in private indexes, consider scanning for malicious code in the package index pages.	0.09839	false
CVE-2023-32681	6.1	requests-2.25.1	Requires that deployment or integration of requests is being used to a connect to untrusted hosts b is connecting over HTTPS and c is using proxies to do so.		0.06277	false
CVE-2023-43804	8.1	urllib3-1.26.5	Usage of the Cookie header is rare with urllib3. This is more common and useful in browsers. Redirections to another origin are also not the common case.		0.00472	false
CVE-2024-3651	7.5	idna-2.10			0.00338	false
CVE-2022-40897	7.5	setuptools-53.0.0	Code path is deprecated.		0.00318	false
CVE-2024-37891	4.4	urllib3-1.26.5	Theres no reason to set ProxyAuthorization without using urllib3s proxy support.	Using the ProxyAuthorization header with urllib3s ProxyManager. Disabling HTTP redirects using redirectsFalse when sending requests. Not using the ProxyAuthorization header.	0.00193	false
CVE-2025-47273	7.7	setuptools-53.0.0			0.00139	false
CVE-2023-45803	4.2	urllib3-1.26.5	No exploits from real world were reported	Disable redirects for services that you arent expecting to respond with redirects with redirectsFalse.Disable automatic redirects with redirectsFalse and handle 303 redirects manually by stripping the HTTP request body.	0.00055	false
CVE-2024-47081	5.3	requests-2.25.1			0.00028	false
CVE-2024-35195	5.6	requests-2.25.1			0.00022	false
CVE-2025-50182	5.3	urllib3-1.26.5	Pyodide is extremely rare configuration for users in production.		0.00013	false

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Sep 05, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

chore(findings): opensource/tensorflow/tensorflow-serving

Summary

Novel Tidelift Findings (Experimental)

Tasks

Questions?