1133 matches found
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...
GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...
CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-13
CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-13. A patched version of the package is available...
GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks
GPU memory errors are a critical threat to deep learning DL frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...
Memory Corruption
PyTorch is vulnerable to memory corruption. The vulnerability is due to an unsafe implementation in the weightsonly unpickler when loading malicious .pth checkpoint files, which allows an attacker to craft a specially designed file that can corrupt memory and potentially execute arbitrary code...
CVE-2025-3001 affecting package pytorch for versions less than 2.0.0-12
CVE-2025-3001 affecting package pytorch for versions less than 2.0.0-12. A patched version of the package is available...
NVIDIA Megatron-LM 代码注入漏洞
NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has a code injection vulnerability. This vulnerability stems from...
CVE-2026-24747 affecting package pytorch for versions less than 2.2.2-11
CVE-2026-24747 affecting package pytorch for versions less than 2.2.2-11. A patched version of the package is available...
CVE-2025-32434 vulnerabilities
Vulnerabilities for packages: py3.11-pytorch-cuda-11.8...
GHSA-53Q9-R3PM-6PQ6 vulnerabilities
Vulnerabilities for packages: py3.11-pytorch-cuda-11.8...
Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.
Summary The IBM Maximo Application Suite AI-Service component uses "FlaskCors-4.0.2-py2.py3-none-any.whl, langchaincommunity-0.3.3-py3-none-any.whl, langchaincore-0.3.29-py3-none-any.whl, langchaintextsplitters-0.3.5-py3-none-any.whl, pdfminersix-20250327-py3-none-any.whl,...
BIT-PYTORCH-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
Malicious code in pytorch-mutex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4959fc9ffb04b2e53d068fa3e6564a21dd3bd4b6374324416a643c3e58ebe330 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-24747
A flaw was found in PyTorch, a Python package for tensor computation. A remote attacker could craft a malicious checkpoint file, which, when loaded using the weightsonly unpickler, could lead to memory corruption. This vulnerability may enable an attacker to achieve arbitrary code execution on th...
Linux Distros Unpatched Vulnerability : CVE-2026-24747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to...
AZL-75293 CVE-2026-24747 affecting package pytorch for versions less than 2.2.2-11
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
DEBIAN-CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
AZL-75588 CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-14
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...