
72 matches found

ATTACKERKB
added 2026/03/05 7:10 p.m., 1 view

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

CVSS 6.8, AI score 5.9, EPSS 0.00332
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2026/02/06 10:26 a.m., 3 views

Memory Corruption

PyTorch is vulnerable to memory corruption. The vulnerability is due to an unsafe implementation in the weights_only unpickler when loading malicious .pth checkpoint files, which allows an attacker to craft a specially designed file that can corrupt memory and potentially execute arbitrary code...

CVSS 8.8, AI score 5.9, EPSS 0.00065
Exploits: 1, References: 7, Affected Software: 2
Tenable Nessus
added 2026/01/28 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-24747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weights_only unpickler allows an attacker to...

CVSS 8.8, AI score 6.3, EPSS 0.00065
Exploits: 1, References: 3
Snyk
added 2026/01/27 9:49 p.m., 3 views

Deserialization of Untrusted Data

Overview: torch is Tensors and Dynamic neural networks in Python with strong GPU acceleration. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load_state_dict function, used during unpickling. An attacker can corrupt heap memory by convincing a user to...

CVSS 8.8, AI score 5.9, EPSS 0.00065
Exploits: 1, References: 3
CVE
added 2026/01/27 9:13 p.m., 55 views

CVE-2026-24747

PyTorch prior to v2.10.0 is vulnerable to memory corruption and potential arbitrary code execution via the weights_only unpickler when loading a malicious .pth checkpoint with torch.load(..., weights_only=True). Affected software is PyTorch (Python tensor computation package); the issue is fixed ...

CVSS 8.8, AI score 6.1, EPSS 0.00065
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2025/12/29 9:05 a.m., 1 view

CVE-2025-67729

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

CVSS 8.8, AI score 7.8, EPSS 0.00134
Exploits: 0, References: 1
Cvelist
added 2025/12/26 9:54 p.m., 16 views

CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

CVSS 8.8, EPSS 0.00134
Exploits: 0, References: 2
RedhatCVE
added 2025/12/24 6:18 p.m., 1 view

CVE-2025-14926

A flaw was found in the Hugging Face Transformers library. The convert_config function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW model checkpoint, causing arbitrary code execution in the context o...

CVSS 8.8, AI score 8, EPSS 0.00073
Exploits: 0, References: 4
CVE
added 2025/12/23 9:05 p.m., 7 views

CVE-2025-14925

CVE-2025-14925 affects Hugging Face Accelerate. The vulnerability stems from improper validation during parsing of checkpoints, enabling deserialization of untrusted data. An attacker can trigger remote code execution by convincing a user to visit a malicious page or open a crafted file, with cod...

CVSS 7.8, AI score 7.9, EPSS 0.00415
Exploits: 0, References: 1
CVE
added 2025/12/23 9:04 p.m., 8 views

CVE-2025-14924

Summary: CVE-2025-14924 affects Hugging Face Transformers megatron_gpt2. The vulnerability arises during the parsing of checkpoints, where user-supplied data is not properly validated, allowing deserialization of untrusted data and resulting in arbitrary code execution in the current process. Imp...

CVSS 7.8, AI score 7.9, EPSS 0.00477
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/12/23 9:04 p.m., 22 views

CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

CVSS 7.8, EPSS 0.00477
Exploits: 0, References: 1
Cvelist
added 2025/12/23 9:04 p.m., 21 views

CVE-2025-14929 Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

CVSS 7.8, EPSS 0.00234
Exploits: 0, References: 1
CNNVD
added 2025/12/23 12:00 a.m., 1 view

Hugging Face Transformers Code Issue Vulnerability

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...

CVSS 7.8, AI score 8, EPSS 0.00234
Exploits: 0, References: 1
Fedora
added 2025/12/19 4:21 a.m., 4 views

[SECURITY] Fedora 43 Update: checkpointctl-1.4.1-1.fc43

The checkpointctl command can be used for in-depth analysis of container checkpoints created with Podman and Kubernetes...

CVSS 4.3, AI score 7.1, EPSS 0.00018
Exploits: 0
Fedora
added 2025/12/19 4:15 a.m., 4 views

[SECURITY] Fedora 42 Update: checkpointctl-1.4.1-1.fc42

The checkpointctl command can be used for in-depth analysis of container checkpoints created with Podman and Kubernetes...

CVSS 6.5, AI score 7.1, EPSS 0.00044
Exploits: 1
Zero Day Initiative
added 2025/12/18 12:00 a.m., 2 views

(0Day) Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8, AI score 7.3, EPSS 0.00415
Exploits: 0
Zero Day Initiative
added 2025/12/18 12:00 a.m., 3 views

(0Day) Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

CVSS 7.8, AI score 7.3, EPSS 0.00415
Exploits: 0
OSV
added 2025/10/29 6:55 p.m., 2 views

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3, AI score 8.2, EPSS 0.00039
Exploits: 0, References: 4
Veracode
added 2025/10/16 1:31 p.m., 3 views

Insecure Deserialization

monai is vulnerable to Insecure Deserialization. The vulnerability is due to loading untrusted checkpoint files, e.g. with torch.load used without safeguards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...

CVSS 8.8, AI score 7.4, EPSS 0.02763
Exploits: 1, References: 5, Affected Software: 1
Fedora
added 2025/09/23 1:47 a.m., 3 views

[SECURITY] Fedora 41 Update: checkpointctl-1.4.0-3.fc41

The checkpointctl command can be used for in-depth analysis of container checkpoints created with Podman and Kubernetes...

CVSS 5.3, AI score 7.1, EPSS 0.00028
Exploits: 0