CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

CVE-2025-65886

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via supplying crafted tensor shapes...

CVE-2025-71006

A floating point exception FPE in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71002

A floating-point exception FPE in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206420

A floating point exception FPE in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206453

A floating-point exception FPE in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65888

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

PT-2026-5223

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description An input validation issue exists in the oneflow.index add component. This can be exploited to cause a Denial of Service DoS by providing a crafted input. Recommendations Update to a newer version that contains...

PT-2026-5196

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description A crafted input can trigger a floating-point exception FPE within the flow.column stack component, leading to a Denial of Service DoS. Recommendations Update to a newer version that contains a fix for this...

PT-2026-5178

A segmentation violation in the flow.column stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65889

CVE-2025-65889 affects OneFlow v0.9.0 in the flow.dstack() function, where a type validation flaw can be exploited to induce a Denial of Service (DoS) through crafted input. The vulnerability is described across multiple sources (NVD/Red Hat/CVE; CIRCL sightings; OSV; Snyk) with the common impact...

CVE-2025-65886

CVE-2025-65886 describes a shape-mismatch vulnerability in OneFlow v0.9.0 that allows attackers to cause a Denial of Service (DoS) by supplying crafted tensor shapes. The CVSS 3.1 vector indicates network attack vector, no privileges/UI, with high impact on availability. Connected sources (RH, NV...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a device ID verification flaw, which may allow a denial-of-service attack by invoking flow.cuda.synchronize with invalid or out-of-rang...

EUVD-2025-206424

An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-5213

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description An input validation issue exists in the flow.arange component. This can be exploited to cause a Denial of Service DoS by providing a specially crafted input. Recommendations Update to a newer version that...

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability, which stems from a problem with the flow.cuda.BoolTensor component. This vulnerability could lead to denial-of-service attacks...

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

EUVD-2025-50829

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...