CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71009 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71009 Source advisory: SNYK:PYTHON-ONEFLOW-15147049...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71008 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71008 Source advisory: SNYK:PYTHON-ONEFLOW-15162558...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the marknondifferentiable function. An attacker can cause the process to crash by providing specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit:...

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatteradd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted indices...

CVE-2025-71008

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65891

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

CVE-2025-65886

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via supplying crafted tensor shapes...

PT-2026-5300

A segmentation violation in the oneflow. oneflow internal.autograd.Function.FunctionCtx.mark non differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatteradd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted indices...

EUVD-2025-206540

An input validation vulnerability in the flow.scatter/flow.scatteradd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted indices...

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatteradd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted indices...

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71004 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71004 Source advisory: SNYK:PYTHON-ONEFLOW-15162566...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the oneflow.logicalor function. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71005 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71005 Source advisory: SNYK:PYTHON-ONEFLOW-15162570...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the flow.columnstack component. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...

CVE-2025-71000

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...