CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

CVE-2025-65890

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS by calling flow.cuda.synchronize with an invalid or out-of-range GPU device index...

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

CVE-2025-65887

A division-by-zero vulnerability in the flow.floordivide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input tensor with zero...

CVE-2025-65886

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via supplying crafted tensor shapes...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the tensor shape process. An attacker can cause the application to crash or become unresponsive by supplying specially crafted tensor shapes. Remediation There is no fixed version for oneflow. References - GitHub...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65886 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65886 Source advisory: SNYK:PYTHON-ONEFLOW-15162593...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.empty function. An attacker can cause the application to crash or become unresponsive by supplying a negative or excessively large dimension value. Remediation There is no...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65888 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65888 Source advisory: SNYK:PYTHON-ONEFLOW-15162591...

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero in the flow.floordivide function. An attacker can cause the application to crash or become unresponsive by providing a specially crafted input tensor containing a zero value. Remediation There is no fixed version for...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65887 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65887 Source advisory: SNYK:PYTHON-ONEFLOW-15147047...

CVE-2025-71002

A floating-point exception FPE in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65890

OneFlow CVE-2025-65890 describes a device-ID validation flaw in OneFlow v0.9.0 where calling flow.cuda.synchronize() with an invalid/out-of-range GPU device index triggers a Denial of Service. The issue, rated CVSS v3.1 base 7.5 (HIGH), has no published fixed version per Snyk, and other sources c...

EUVD-2025-206484

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via supplying crafted tensor shapes...

PT-2026-5147

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.get device properties with an invalid or negative device index...

EUVD-2025-206473

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

PT-2026-5136

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via supplying crafted tensor shapes...

CVE-2025-65888

The entries for CVE-2025-65888 describe a concrete flaw in OneFlow 0.9.0: a dimension validation issue in the flow.empty() component that allows a Denial of Service when given a negative or excessively large dimension value. The vulnerability is supported across multiple feeds (NVD, Red Hat, CIRC...

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability, which stems from a flaw in GPU device ID verification. This vulnerability could lead to denial-of-service attacks...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability, which stems from insufficient input validation in the flow.arange component. This vulnerability could lead to denial-of-service attacks...