| CVE-2026-4538 |
high |
7.8 |
7.8 |
|
|
|
2mo ago |
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be p… |
| CVE-2025-63396 |
unknown |
— |
— |
|
|
|
7mo ago |
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (D… |
| CVE-2025-55560 |
unknown |
— |
— |
|
|
|
8mo ago |
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. |
| CVE-2025-55558 |
unknown |
— |
— |
|
|
|
8mo ago |
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a… |
| CVE-2025-55557 |
unknown |
— |
— |
|
|
|
8mo ago |
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). |
| CVE-2025-55554 |
unknown |
— |
— |
|
|
|
8mo ago |
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). |
| CVE-2025-55553 |
unknown |
— |
— |
|
|
|
8mo ago |
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). |
| CVE-2025-55552 |
unknown |
— |
— |
|
|
|
8mo ago |
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. |
| CVE-2025-55551 |
unknown |
— |
— |
|
|
|
8mo ago |
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. |
| CVE-2025-46153 |
unknown |
— |
— |
|
|
|
8mo ago |
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d… |
| CVE-2025-46152 |
unknown |
— |
— |
|
|
|
8mo ago |
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. |
| CVE-2025-46150 |
unknown |
— |
— |
|
|
|
8mo ago |
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. |
| CVE-2025-46149 |
unknown |
— |
— |
|
|
|
8mo ago |
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. |
| CVE-2025-46148 |
unknown |
— |
— |
|
|
|
8mo ago |
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. |
| CVE-2025-32434 |
unknown |
— |
— |
|
|
|
1y ago |
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command … |
| CVE-2025-3730 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation … |
| CVE-2025-3136 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAlloc… |
| CVE-2025-3121 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is … |
| CVE-2025-3001 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approac… |
| CVE-2025-3000 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on… |
| CVE-2025-2999 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Atta… |
| CVE-2025-2998 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory c… |
| CVE-2025-2953 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of servic… |
| CVE-2025-2149 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of t… |
| CVE-2025-2148 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component T… |
| CVE-2024-48063 |
unknown |
— |
— |
|
|
|
2y ago |
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. |
| CVE-2024-31584 |
unknown |
— |
— |
|
|
|
2y ago |
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. |
| CVE-2024-31580 |
unknown |
— |
— |
|
|
|
2y ago |
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (… |
| CVE-2024-31583 |
unknown |
— |
— |
|
|
|
2y ago |
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. |
| CVE-2022-45907 |
unknown |
— |
— |
|
|
|
4y ago |
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. |