1133 matches found
UBUNTU-CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
EUVD-2026-4738
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747
PyTorch prior to v2.10.0 is vulnerable to memory corruption and potential arbitrary code execution via the weights_only unpickler when loading a malicious .pth checkpoint with torch.load(..., weights_only=True). Affected software is PyTorch (Python tensor computation package); the issue is fixed ...
CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
CVE-2026-24747 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...
PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
Summary A vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to arbitrary code execution. Vulnerability Details The weightsonly=True unpickler...
aistructdynsolve (>=1.0.0 <=1.2.0), anoseg (=0.0.2) +82 more potentially affected by CVE-2026-24747 via pytorch (=1.0.2)
pytorch PYPI version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on pytorch and may be impacted: - aistructdynsolve =1.0.0, =0.3.0.1, =1.1.0, =1.1.1 and more Source cves: CVE-2026-24747 Source advisory: OSV:GHSA-63CW-57P8-FM3P...
GHSA-63CW-57P8-FM3P PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
Summary A vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to arbitrary code execution. Vulnerability Details The weightsonly=True unpickler...
PyTorch code issues and vulnerabilities
PyTorch is an open-source Python package developed by PyTorch. Versions of PyTorch prior to 2.10.0 contained code-related vulnerabilities. These vulnerabilities stemmed from defects in the weightsonly deserializer, which could lead to memory corruption and arbitrary code execution...
AZL-76505 CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76602 CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
Azure Linux 3.0 Security Update: pytorch (CVE-2024-7776)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7776 advisory. - A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16....
Azure Linux 3.0 Security Update: python-tensorboard / pytorch (CVE-2021-22569)
The version of python-tensorboard / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22569 advisory. - An issue in protobuf-java allowed the interleaving of...
Azure Linux 3.0 Security Update: pytorch (CVE-2024-5187)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5187 advisory. - A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows...
CVE-2025-3001 affecting package pytorch for versions less than 2.2.2-10
CVE-2025-3001 affecting package pytorch for versions less than 2.2.2-10. A patched version of the package is available...
CVE-2025-1944
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
CVE-2025-1945
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...