PT-2025-3295 · Unknown · 3D Engine Module
Name of the Vulnerable Software and Affected Versions: 3D engine module, affected versions not specified
Description: The issue is related to an integer overflow vulnerability that occurs during the loading of glTF models in the 3D engine module. Successful exploitation of this vulnerability may...
PT-2025-32526 · Keras +1 · Keras +1
Name of the Vulnerable Software and Affected Versions: Keras versions 3.0.0 through 3.10.0
Description: A safe mode bypass vulnerability exists in the Model.load_model method. This allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model...
PT-2025-6422
Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server, affected versions not specified
Description: The issue is related to an integer overflow or wraparound error in the model loading API. This can be triggered by loading a model with an extra-large file size,...
Remote Code Execution via Model Deserialization on /api/v2/models/install API
Summary: I have identified a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This...
Integer Overflow In /v2/repository/models/<model_name>/load
This report is not public...
CVE-2024-3660
An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application by using a model that allows arbitrary code irrespective of the application...
PT-2024-27091
Name of the Vulnerable Software and Affected Versions: TensorFlow's Keras framework versions prior to 2.13
Description: A code injection issue in TensorFlow's Keras framework allows attackers to execute arbitrary code with the same permissions as the application. This can be achieved by using a mod...
NVIDIA Triton Inference Server Directory Traversal Vulnerability
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from a directory traversal vulnerability that arises when the server is started explicitly with the non-defaul...
The software for deploying and executing AI models, NVIDIA Triton Inference Server (previously TensorRT Inference Server), has vulnerabilities that allow attackers to gain unauthorized access to protected information, escalate their privileges, execute arbitrary code, or cause service failures.
The vulnerability in NVIDIA Triton Inference Server (previously known as TensorRT Inference Server), software for deploying and executing artificial intelligence models, is related to errors in processing relative directory paths during model loading. Exploiting this vulnerability can all...
NVIDIA Triton Inference Server Security Vulnerability
PT-2023-8256 · Nvidia · Nvidia Triton Inference Server
Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server, affected versions not specified
Description: The issue is related to errors in processing relative paths to directories during model loading in NVIDIA Triton Inference Server. This can allow a remote attacker to...
Security Bulletin: NVIDIA Triton Inference Server - December 2023
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. This issue affects only nondefault deployments that enable dynamic model loading through the model control APIs by using the command line option --model-control explicit...
BIT-MXNET-2022-24294
A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...
GHSA-8FXR-QFR9-P34W TorchServe Server-Side Request Forgery vulnerability
Impact: Remote Server-Side Request Forgery (SSRF) issue. TorchServe's default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
The software environment for training and deploying deep neural networks, Apache MXNet, has vulnerabilities related to uncontrolled resource consumption. This allows attackers to trigger service failures.
The vulnerability in the Apache MXNet software environment for training and deploying deep neural networks is related to uncontrolled resource consumption during the loading of models with specially crafted operator names. Exploiting this vulnerability could allow a malicious actor to cause service failures...
PT-2022-3914 · Apache · Apache Mxnet
Name of the Vulnerable Software and Affected Versions: Apache MXNet versions prior to 1.9.1
Description: A regular expression used in Apache MXNet is vulnerable to a potential denial-of-service by excessive resource consumption. The issue could be exploited when loading a model in Apache MXNet th...
Apache MXNet Security Vulnerability
Apache MXNet is an open source deep learning software framework from the Apache Software Foundation in the United States. It is used for training and deploying deep neural networks. A security vulnerability exists in Apache MXNet (incubating) versions prior to 1.9.1, which stems from the use of regul...
GHSA-H22X-HM8G-RXPG Improper Restriction of XML External Entity Reference in Apache OpenNLP
When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache...
GHSA-H67M-XG8F-FXCF Deadlock in mutually recursive `tf.function` objects
Impact: The code behind the tf.function API can be made to deadlock when two tf.function-decorated Python functions are mutually recursive:

```python
import tensorflow as tf

@tf.function
def fun1(num):
    if num == 1:
        return
    print(num)
    fun2(num - 1)

@tf.function
def fun2(num):
    if num == 0:
        return
    print(num)
    fun1(num - 1)
```
...
PYSEC-2021-820
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...