tensorflow-serving
PatchedData & MLfrom
mirror.gcr.io/tensorflow/servingPull Reference
ghcr.io/verity-org/tensorflow/serving
docker pull ghcr.io/verity-org/tensorflow/serving
Available Versions
2.20.0latest61 CVEs fixed32 remaining
2.19.12 CVEs fixed
2.19.02 CVEs fixed
Copa-Patched Image
Patched in-place from the upstream image usingCopa. OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance detailsSignedSLSA L3SBOMRekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/tensorflow/serving:2.20.0
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/tensorflow/serving:2.20.0 \ --owner verity-org
Vulnerability Scan
Found 93 vulnerabilities in the original image. 61 fixed by Copa. 32 remaining after patching.
2 HIGH46 MEDIUM45 LOW
Awaiting upstream fix
No fix is available yet for these vulnerabilities.
- CVE-2026-27456MEDIUM
- Package
- bsdutils
- Installed
- 1:2.37.2-4ubuntu3.5
- Fixed
- CVE-2026-27456MEDIUM
- Package
- libblkid1
- Installed
- 2.37.2-4ubuntu3.5
- Fixed
- CVE-2026-4046MEDIUM
- Package
- libc-bin
- Installed
- 2.35-0ubuntu3.13
- Fixed
- CVE-2026-5435MEDIUM
- Package
- libc-bin
- Installed
- 2.35-0ubuntu3.13
- Fixed
- CVE-2026-6238MEDIUM
- Package
- libc-bin
- Installed
- 2.35-0ubuntu3.13
- Fixed
- CVE-2026-4046MEDIUM
- Package
- libc6
- Installed
- 2.35-0ubuntu3.13
- Fixed
- CVE-2026-5435MEDIUM
- Package
- libc6
- Installed
- 2.35-0ubuntu3.13
- Fixed
- CVE-2026-6238MEDIUM
- Package
- libc6
- Installed
- 2.35-0ubuntu3.13
- Fixed
- CVE-2026-27456MEDIUM
- Package
- libmount1
- Installed
- 2.37.2-4ubuntu3.5
- Fixed
- CVE-2026-13757MEDIUM
- Package
- libp11-kit0
- Installed
- 0.24.0-6build1
- Fixed
- CVE-2026-27456MEDIUM
- Package
- libsmartcols1
- Installed
- 2.37.2-4ubuntu3.5
- Fixed
- CVE-2026-27456MEDIUM
- Package
- libuuid1
- Installed
- 2.37.2-4ubuntu3.5
- Fixed
- CVE-2026-27456MEDIUM
- Package
- mount
- Installed
- 2.37.2-4ubuntu3.5
- Fixed
- CVE-2026-27456MEDIUM
- Package
- util-linux
- Installed
- 2.37.2-4ubuntu3.5
- Fixed
- CVE-2022-27943LOW
- Package
- gcc-12-base
- Installed
- 12.3.0-1ubuntu1~22.04.3
- Fixed
- CVE-2022-27943LOW
- Package
- libgcc-s1
- Installed
- 12.3.0-1ubuntu1~22.04.3
- Fixed
- CVE-2024-2236LOW
- Package
- libgcrypt20
- Installed
- 1.9.4-3ubuntu3.2
- Fixed
- CVE-2023-50495LOW
- Package
- libncurses6
- Installed
- 6.3-2ubuntu0.2
- Fixed
- CVE-2023-50495LOW
- Package
- libncursesw6
- Installed
- 6.3-2ubuntu0.2
- Fixed
- CVE-2022-41409LOW
- Package
- libpcre2-8-0
- Installed
- 10.39-3ubuntu0.1
- Fixed
- CVE-2017-11164LOW
- Package
- libpcre3
- Installed
- 2:8.39-13ubuntu0.22.04.1
- Fixed
- CVE-2022-27943LOW
- Package
- libstdc++6
- Installed
- 12.3.0-1ubuntu1~22.04.3
- Fixed
- CVE-2026-40228LOW
- Package
- libsystemd0
- Installed
- 249.11-0ubuntu3.21
- Fixed
- CVE-2023-50495LOW
- Package
- libtinfo6
- Installed
- 6.3-2ubuntu0.2
- Fixed
- CVE-2026-40228LOW
- Package
- libudev1
- Installed
- 249.11-0ubuntu3.21
- Fixed
- CVE-2022-4899LOW
- Package
- libzstd1
- Installed
- 1.4.8+dfsg-3build1
- Fixed
- CVE-2023-29383LOW
- Package
- login
- Installed
- 1:4.8.1-2ubuntu2.2
- Fixed
- CVE-2024-56433LOW
- Package
- login
- Installed
- 1:4.8.1-2ubuntu2.2
- Fixed
- CVE-2023-50495LOW
- Package
- ncurses-base
- Installed
- 6.3-2ubuntu0.2
- Fixed
- CVE-2023-50495LOW
- Package
- ncurses-bin
- Installed
- 6.3-2ubuntu0.2
- Fixed
- CVE-2023-29383LOW
- Package
- passwd
- Installed
- 1:4.8.1-2ubuntu2.2
- Fixed
- CVE-2024-56433LOW
- Package
- passwd
- Installed
- 1:4.8.1-2ubuntu2.2
- Fixed
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-27456 | bsdutils | 1:2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2026-27456 | libblkid1 | 2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2026-4046 | libc-bin | 2.35-0ubuntu3.13 | MEDIUM | |
| CVE-2026-5435 | libc-bin | 2.35-0ubuntu3.13 | MEDIUM | |
| CVE-2026-6238 | libc-bin | 2.35-0ubuntu3.13 | MEDIUM | |
| CVE-2026-4046 | libc6 | 2.35-0ubuntu3.13 | MEDIUM | |
| CVE-2026-5435 | libc6 | 2.35-0ubuntu3.13 | MEDIUM | |
| CVE-2026-6238 | libc6 | 2.35-0ubuntu3.13 | MEDIUM | |
| CVE-2026-27456 | libmount1 | 2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2026-13757 | libp11-kit0 | 0.24.0-6build1 | MEDIUM | |
| CVE-2026-27456 | libsmartcols1 | 2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2026-27456 | libuuid1 | 2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2026-27456 | mount | 2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2026-27456 | util-linux | 2.37.2-4ubuntu3.5 | MEDIUM | |
| CVE-2022-27943 | gcc-12-base | 12.3.0-1ubuntu1~22.04.3 | LOW | |
| CVE-2022-27943 | libgcc-s1 | 12.3.0-1ubuntu1~22.04.3 | LOW | |
| CVE-2024-2236 | libgcrypt20 | 1.9.4-3ubuntu3.2 | LOW | |
| CVE-2023-50495 | libncurses6 | 6.3-2ubuntu0.2 | LOW | |
| CVE-2023-50495 | libncursesw6 | 6.3-2ubuntu0.2 | LOW | |
| CVE-2022-41409 | libpcre2-8-0 | 10.39-3ubuntu0.1 | LOW | |
| CVE-2017-11164 | libpcre3 | 2:8.39-13ubuntu0.22.04.1 | LOW | |
| CVE-2022-27943 | libstdc++6 | 12.3.0-1ubuntu1~22.04.3 | LOW | |
| CVE-2026-40228 | libsystemd0 | 249.11-0ubuntu3.21 | LOW | |
| CVE-2023-50495 | libtinfo6 | 6.3-2ubuntu0.2 | LOW | |
| CVE-2026-40228 | libudev1 | 249.11-0ubuntu3.21 | LOW | |
| CVE-2022-4899 | libzstd1 | 1.4.8+dfsg-3build1 | LOW | |
| CVE-2023-29383 | login | 1:4.8.1-2ubuntu2.2 | LOW | |
| CVE-2024-56433 | login | 1:4.8.1-2ubuntu2.2 | LOW | |
| CVE-2023-50495 | ncurses-base | 6.3-2ubuntu0.2 | LOW | |
| CVE-2023-50495 | ncurses-bin | 6.3-2ubuntu0.2 | LOW | |
| CVE-2023-29383 | passwd | 1:4.8.1-2ubuntu2.2 | LOW | |
| CVE-2024-56433 | passwd | 1:4.8.1-2ubuntu2.2 | LOW |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
mirror.gcr.io/tensorflow/serving
Version
2.20.0