CVE-2025-65890

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS by calling flow.cuda.synchronize with an invalid or out-of-range GPU device index...

CVE-2025-65887

A division-by-zero vulnerability in the flow.floordivide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input tensor with zero...

EUVD-2025-206470

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206419

A floating point exception FPE in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-5140

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

EUVD-2025-206475

A type validation flaw in the flow.dstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71003

An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206481

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

EUVD-2025-206469

A segmentation violation in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206472

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-65887

A division-by-zero vulnerability in the flow.floordivide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input tensor with zero...

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability. This vulnerability stems from floating-point exceptions in the reshape component of Oneflow, which could lead to denial-of-service attacks...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability, which stems from insufficient input validation in the oneflow.indexadd component, potentially leading to denial-of-service attacks...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability, which stems from a segmentation violation in the oneflow.logicalor component, potentially leading to a denial-of-service attack...

PT-2026-5214

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description A crafted input to the oneflow.view component can trigger a floating point exception FPE, leading to a Denial of Service DoS. Recommendations At the moment, there is no information about a newer version that...

PT-2026-5139

A division-by-zero vulnerability in the flow.floor divide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input tensor with zero...

PT-2026-5209

A segmentation violation in the oneflow.logical or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-70999

OneFlow v0.9.0 is affected by a GPU device-ID validation flaw in the flow.cuda.get_device_capability() function that can cause a Denial of Service via a crafted device ID. The issue is described consistently across CVE records (NVD/Red Hat/ OSV/CIRCL) as a DoS condition stemming from improper val...

CVE-2025-71004

CVE-2025-71004 affects OneFlow v0.9.0 in the oneflow.logical_or component, where a segmentation violation can be triggered by crafted input, leading to Denial of Service. Multiple connected sources (NVD, Red Hat, OSV, CVE lists) concur on the same root cause and impact. The documents do not speci...