1135 matches found
GHSA-F4X7-RFWP-V3XW Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
Summary Using torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...
GHSA-4R9R-CH6F-VXMX Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...
Exploit for CVE-2025-50461
CVE-2025-50461: Remote Code Execution via Unsafe Model Deseria...
executorch 安全漏洞
executorch is a PyTorch deployment tool from pytorch open source. A security vulnerability exists in executorch that stems from an integer overflow that could lead to code execution...
executorch 安全漏洞
executorch is an open source PyTorch deployment tool for PyTorch by pytorch. A security vulnerability exists in executorch that stems from multiple buffer overflows when loading a model, which could lead to a crash or code execution...
executorch 安全漏洞
executorch is an open source PyTorch deployment tool for PyTorch by pytorch. A security vulnerability exists in executorch that stems from a heap buffer overflow when loading a model, which could lead to code execution...
executorch 安全漏洞
executorch is an open source PyTorch deployment tool for PyTorch by pytorch. A security vulnerability exists in executorch that stems from an integer overflow that causes an object to be allocated to the wrong memory region, which could lead to the execution of arbitrary code...
SUSE CVE-2025-5197
A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
GHSA-9356-575X-2W9M Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
CVE-2025-5197
A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
CVE-2025-5197
The CVE-2025-5197 ReDoS vulnerability affects Hugging Face Transformers in the convert_tf_weight_name_to_pt_weight_name() function, where the regex /[^/]___([^/] )/ can cause excessive CPU usage via catastrophic backtracking. Affected versions: up to 4.51.3, with a fix in 4.53.0. Practical impact...
CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
PT-2025-32158 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.51.3 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the convert tf weight name to pt weight name function of the Hugging Face Transformers library. This function,...
AZL-65661 CVE-2025-51480 affecting package pytorch 2.0.0-14
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
AZL-65658 CVE-2025-51480 affecting package pytorch 2.2.2-12
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.1.3 Vulnerability Details CVEID:CVE-2025-3136 DESCRIPTION: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function...