1135 matches found

OSV
added 2025/05/28 11:55 a.m. | 13 views

BIT-PYTORCH-2025-3121 PyTorch torch.jit.jit_module_from_flatbuffer memory corruption

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...

CVSS 5.5 | AI score 6.6 | EPSS 0.00236
Exploits: 1 | References: 6

Microsoft CVE
added 2025/05/27 7:0 a.m. | 4 views

PyTorch torch.mkldnn_max_pool2d denial of service

...

CVSS 5.5 | AI score 5.5 | EPSS 0.0022
Exploits: 1

RedhatCVE
added 2025/05/23 10:18 a.m. | 8 views

CVE-2024-31584

PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbufferloader.cpp...

CVSS 5.5 | AI score 6.8 | EPSS 0.00383
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:16 a.m. | 3 views

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 4 | AI score 7.4 | EPSS 0.00225
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:39 a.m. | 7 views

CVE-2024-31583

PyTorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

CVSS 7.8 | AI score 7.2 | EPSS 0.00266
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:31 a.m. | 8 views

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVSS 9.8 | AI score 6.8 | EPSS 0.01584
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:19 a.m. | 6 views

CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...

CVSS 9.8 | AI score 7.6 | EPSS 0.01192
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:35 p.m. | 6 views

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

CVSS 7.8 | AI score 7.6 | EPSS 0.02415
Exploits: 0

Packet Storm News
added 2025/05/21 12:0 a.m. | 4 views

Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language Models (LLMs) in code-related tasks, such as testing...

AI score 7.9
Exploits: 0

F5 Networks
added 2025/05/19 2:47 a.m. | 18 views

K000151398: PyTorch vulnerability CVE-2025-32434

Security Advisory Description: PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model...

CVSS 9.8 | AI score 9.3 | EPSS 0.01878
Exploits: 0

CNVD
added 2025/05/14 12:0 a.m. | 4 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23289)

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that originates from improper handling of the function torch.cuda.nccl.reduce in the file torch/cuda/nccl.py, which can be exploited by an attacker to cause a denial of service...

CVSS 4.8 | AI score 6.8 | EPSS 0.00148
Exploits: 0 | References: 1

CNVD
added 2025/05/12 12:0 a.m. | 1 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23290)

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that can be exploited by attackers to cause memory corruption...

CVSS 4.8 | AI score 6.9 | EPSS 0.00226
Exploits: 1 | References: 1

IBM Security Bulletins
added 2025/05/09 9:5 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 5.5 | AI score 6.2 | EPSS 0.00271
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/09 9:4 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 5.5 | AI score 6.1 | EPSS 0.00236
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/05/09 9:3 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption.

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. This bulletin contains information regarding the...

CVSS 5.5 | AI score 5.3 | EPSS 0.0022
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/09 9:2 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 5.5 | AI score 5.4 | EPSS 0.0022
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/05/09 9:1 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 7.5 | AI score 6.1 | EPSS 0.004
Exploits: 1 | Affected Software: 1

SUSE CVE
added 2025/05/08 11:48 a.m. | 1 views

SUSE CVE-2025-4287

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has bee...

CVSS 4.8 | AI score 3.4 | EPSS 0.00148
Exploits: 0 | References: 3

Tenable Nessus
added 2025/05/06 12:0 a.m. | 10 views

CBL Mariner 2.0 Security Update: pytorch (CVE-2025-3730)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-3730 advisory. - A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function...

CVSS 5.5 | AI score 4.3 | EPSS 0.00271
Exploits: 1 | References: 2

Tenable Nessus
added 2025/05/06 12:0 a.m. | 8 views

Azure Linux 3.0 Security Update: pytorch (CVE-2025-32434)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32434 advisory. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural...

CVSS 9.8 | AI score 8.5 | EPSS 0.01878
Exploits: 0 | References: 2