Filtered by vendor Pytorch
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55553 | 1 Pytorch | 1 Pytorch | 2025-09-29 | 7.5 High |
| A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2025-55552 | 1 Pytorch | 1 Pytorch | 2025-09-29 | 5.3 Medium |
| pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. | ||||
| CVE-2025-55551 | 1 Pytorch | 1 Pytorch | 2025-09-29 | 7.5 High |
| An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | ||||
| CVE-2025-55557 | 1 Pytorch | 1 Pytorch | 2025-09-29 | 7.5 High |
| A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). | ||||
| CVE-2025-55560 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 7.5 High |
| An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. | ||||
| CVE-2025-55558 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 7.5 High |
| A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). | ||||
| CVE-2025-55554 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 5.3 Medium |
| pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). | ||||
| CVE-2025-46153 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 5.3 Medium |
| PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. | ||||
| CVE-2025-46149 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 5.3 Medium |
| In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. | ||||
| CVE-2025-46148 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 5.3 Medium |
| In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. | ||||
| CVE-2025-46150 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 5.3 Medium |
| In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. | ||||
| CVE-2025-46152 | 1 Pytorch | 1 Pytorch | 2025-09-26 | 5.3 Medium |
| In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. | ||||
| CVE-2024-35199 | 1 Pytorch | 1 Torchserve | 2025-09-04 | 8.2 High |
| TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-35198 | 1 Pytorch | 1 Torchserve | 2025-09-04 | 9.8 Critical |
| TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-48063 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-07-16 | 9.8 Critical |
| In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. | ||||
| CVE-2025-4287 | 1 Pytorch | 1 Pytorch | 2025-06-24 | 3.3 Low |
| A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-2148 | 1 Pytorch | 1 Pytorch | 2025-06-23 | 5 Medium |
| A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. | ||||
| CVE-2025-2149 | 1 Pytorch | 1 Pytorch | 2025-06-23 | 2.5 Low |
| A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-31580 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-06-10 | 4 Medium |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-7804 | 1 Pytorch | 1 Pytorch | 2025-04-01 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||