Filtered by vendor Linuxfoundation
Subscriptions
Filtered by product Pytorch
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63396 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2026-01-02 | 3.3 Low |
| An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS). | ||||
| CVE-2025-32434 | 1 Linuxfoundation | 1 Pytorch | 2025-12-01 | 9.8 Critical |
| PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0. | ||||
| CVE-2025-55560 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-14 | 7.5 High |
| An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. | ||||
| CVE-2025-55552 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. | ||||
| CVE-2025-55553 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2025-55554 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). | ||||
| CVE-2025-55557 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). | ||||
| CVE-2025-55558 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). | ||||
| CVE-2025-46148 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. | ||||
| CVE-2025-46149 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. | ||||
| CVE-2025-46150 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. | ||||
| CVE-2025-46152 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. | ||||
| CVE-2025-46153 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. | ||||
| CVE-2025-55551 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | ||||
| CVE-2024-48063 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-07-16 | 9.8 Critical |
| In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. | ||||
| CVE-2024-31580 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-06-10 | 4 Medium |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-31583 | 2 Linuxfoundation, Pytorchlightning | 2 Pytorch, Pytorch Lightning | 2025-06-10 | 7.8 High |
| Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | ||||
| CVE-2024-31584 | 2 Linuxfoundation, Pytorchlightning | 2 Pytorch, Pytorch Lightning | 2025-06-03 | 5.5 Medium |
| Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. | ||||
| CVE-2025-2998 | 1 Linuxfoundation | 1 Pytorch | 2025-05-29 | 5.3 Medium |
| A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2999 | 1 Linuxfoundation | 1 Pytorch | 2025-05-29 | 5.3 Medium |
| A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||