UBUNTU-CVE-2025-55554

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nantonum-.long...

UBUNTU-CVE-2025-55553

A syntax error in the component proxytensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service DoS...

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when compiling model with torch.rot90 and torch.randnlike functions while backend="aoteagerdecomppartition". An attacker can cause unexpected behavior or potentially manipulate outputs by...

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the torch.Tensor.random function when a model is compiled with Inductor. An attacker can cause the application to crash or become unresponsive by triggering a syntax error...

Improper Handling of Undefined Values

Overview Affected versions of this package are vulnerable to Improper Handling of Undefined Values in the torch.cummin component when compiling a model with Inductor. An attacker can cause the application to crash or become unresponsive by submitting a specially crafted model that triggers a name...

PYSEC-2025-202

PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...

PYSEC-2025-201

In PyTorch before 2.7.0, bitwiserightshift produces incorrect output for certain out-of-bounds values of the "other" argument...

CVE-2025-55551

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

DEBIAN-CVE-2025-46148

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistancep=2 produces incorrect results...

PYSEC-2025-203

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

PYSEC-2025-199

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error...

aait (>=0.0.4.80 <=1.0.5), accusleepy (>=0.1.0 <=0.7.1) +334 more potentially affected by CVE-2025-46149 via torch (=2.6.0)

torch PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on torch and may be impacted: - aait =0.0.4.80, =0.1.0, =1.0.0.3, =0.1.0, =0.8.4, =0.1.47, =3.1.8, =0.1.3, =2.0.3, =0.3.8.2, =0.2.2, =0.2.4 - archgw =0.3.17 and more Source cves:...

PYSEC-2025-198

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistancep=2 produces incorrect results...

PYSEC-2025-200

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...

PYSEC-2025-202

PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25314 more potentially affected by CVE-2025-46148 via torch (>=1.0.0 <=2.6.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-46148 Source advisory: OSV:PYSEC-2025-198...

AZL-67884 CVE-2025-46152 affecting package pytorch for versions less than 2.2.2-9

In PyTorch before 2.7.0, bitwiserightshift produces incorrect output for certain out-of-bounds values of the "other" argument...

DEBIAN-CVE-2025-55551

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

PYSEC-2025-201

In PyTorch before 2.7.0, bitwiserightshift produces incorrect output for certain out-of-bounds values of the "other" argument...

CVE-2025-46152

In PyTorch before 2.7.0, bitwiserightshift produces incorrect output for certain out-of-bounds values of the "other" argument...