1135 matches found
CVE-2025-55551
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...
CVE-2025-55554
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTor...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl Vulnerability Details CVEID:CVE-2025-3000 DESCRIPTION: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The...
CVE-2025-10155
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references. Original Description An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and includin...
GHSA-J424-MC44-F4HJ Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references. Original Description An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and includin...
PYSEC-2025-151
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
PT-2026-5024
Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.10.0 Description PyTorch, a Python package for tensor computation, has an issue in its weights only unpickler. An attacker can create a malicious checkpoint file .pth that, when loaded using torch.load..., weights...
picklescan Input Validation Error Vulnerability
picklescan is a security scanning program by the individual developer Matthieu Maitre. An input validation error vulnerability exists in picklescan version 0.0.30 and earlier, which stems from improper input validation in the scanning logic and could allow a remote attacker to bypass security...
Protection Mechanism Failure
Overview picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Protection Mechanism Failure via the scanbytes function. An attacker can bypass detection of malicious content by disguising a standard pickle...
GHSA-JGW4-CR84-MQXG Picklescan Bypass is Possible via File Extension Mismatch
Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...
Picklescan Bypass is Possible via File Extension Mismatch
Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...
GHSA-MJQP-26HC-GRXG Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead o...