
1136 matches found

Positive Technologies
• added 2025/02/25 12:0 a.m. • 4 views

PT-2025-10577

Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0+cu124. Description: A problem was found in the Quantized Sigmoid Module, specifically in the nnq Sigmoid function. The issue arises from the manipulation of the scale and zero point arguments, leading to improper...

CVSS 2.5 | AI score 5.1 | EPSS 0.00233
Exploits 1 | References 18

Positive Technologies
• added 2025/02/22 12:0 a.m. • 3 views

PT-2025-7327 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: InvokeAI affected versions not specified. Description: The issue concerns an unsafely deserialized file download in the backend, potentially allowing remote code execution (RCE) through PyTorch's torch.load function. Recommendations: At the...

CVSS 9.8 | AI score 9.6 | EPSS 0.05342
Exploits 5 | References 12

Tenable Nessus
• added 2025/02/11 12:0 a.m. • 10 views

Azure Linux 3.0 Security Update: nodejs / pytorch (CVE-2021-22918)

The version of nodejs / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22918 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii ...

CVSS 5.3 | AI score 7.1 | EPSS 0.23132
Exploits 1 | References 2

Tenable Nessus
• added 2025/02/10 12:0 a.m. • 9 views

Azure Linux 3.0 Security Update: pytorch (CVE-2024-27318)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27318 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the...

CVSS 7.5 | AI score 6.5 | EPSS 0.01189
Exploits 0 | References 2

Tenable Nessus
• added 2025/02/10 12:0 a.m. • 9 views

Azure Linux 3.0 Security Update: pytorch (CVE-2024-27319)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27319 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the...

CVSS 9.1 | AI score 6.4 | EPSS 0.00594
Exploits 0 | References 2

GithubExploit
• added 2025/02/09 12:14 a.m. • 108 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Lightningai Pytorch_Lightning

CVE-2024-5452 01. Overview of RCE and pytorch-lightning - 1 RCE and...

CVSS 9.8 | AI score 7.9 | EPSS 0.26488
Exploits 3

The Hacker News
• added 2025/02/08 6:17 a.m. • 17 views

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...

AI score 8.1
Exploits 0

RedhatCVE
• added 2025/02/06 4:24 a.m. • 7 views

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

CVSS 7.8 | AI score 6.6 | EPSS 0.00978
Exploits 1

RedhatCVE
• added 2025/02/05 7:29 p.m. • 8 views

CVE-2022-0845

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0...

CVSS 10 | AI score 7.1 | EPSS 0.00965
Exploits 1 | References 1

RedhatCVE
• added 2025/02/05 6:15 a.m. • 13 views

CVE-2024-5452

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8 | AI score 9.7 | EPSS 0.26488
Exploits 3 | References 1

CBLMariner
• added 2025/01/29 5:2 p.m. • 13 views

CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4

CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4. A patched version of the package is available...

CVSS 5.3 | AI score 5.7 | EPSS 0.23132
Exploits 1

IBM Security Bulletins
• added 2025/01/28 10:8 p.m. • 17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in PyTorch [CVE-2024-31580]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component (CVE-2024-31580). PyTorch is used by our Speech Service runtimes. This vulnerability has been addressed. Please read...

CVSS 4 | AI score 7.1 | EPSS 0.00225
Exploits 0 | Affected Software 1

IBM Security Bulletins
• added 2025/01/28 10:8 p.m. • 14 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31580]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component (CVE-2024-31580). PyTorch is used by our Speech Service runtimes. This vulnerability has bee...

CVSS 4 | AI score 7.1 | EPSS 0.00225
Exploits 0 | Affected Software 1

IBM Security Bulletins
• added 2025/01/28 10:8 p.m. • 16 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in PyTorch [CVE-2024-31583]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component (CVE-2024-31583). PyTorch is used by our Speech Service runtimes. This vulnerability has been addressed. Please re...

CVSS 7.8 | AI score 6.6 | EPSS 0.00266
Exploits 0 | Affected Software 1

CBLMariner
• added 2024/12/18 12:15 p.m. • 10 views

CVE-2022-1941 affecting package pytorch for versions less than 2.0.0-7

CVE-2022-1941 affecting package pytorch for versions less than 2.0.0-7. A patched version of the package is available...

CVSS 7.5 | AI score 6.5 | EPSS 0.01151
Exploits 0

GithubExploit
• added 2024/12/07 11:14 a.m. • 81 views

Exploit for Deserialization of Untrusted Data in Huggingface Transformers

CVE-2024-11392 Hugging Face Transformers MobileViTV2 Des...

CVSS 8.8 | AI score 9.1 | EPSS 0.06898
Exploits 4

The Hacker News
• added 2024/12/06 11:28 a.m. • 13 views

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22...

CVSS 9.8 | AI score 7.2 | EPSS 0.01186
Exploits 2

Information Security Automation
• added 2024/11/20 10:15 p.m. • 19 views

November Linux Patch Wednesday

November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 2 vulnerabilities in Chromium with...

CVSS 9.1 | AI score 7.4 | EPSS 0.01602
Exploits 5

CBLMariner
• added 2024/11/13 8:12 p.m. • 10 views

CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3

CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3. A patched version of the package is available...

CVSS 8.8 | AI score 7 | EPSS 0.01168
Exploits 1

Positive Technologies
• added 2024/11/07 12:0 a.m. • 3 views

PT-2025-17312

Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 2.6.0; PyTorch ≤2.5.1. Description: PyTorch is vulnerable to a Remote Command Execution (RCE) vulnerability. This flaw exists in versions 2.5.1 and prior, specifically when loading a model using the torch.load function wit...

CVSS 10 | AI score 9.9 | EPSS 0.01878
Exploits 0 | References 66