PT-2026-5301

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description An input validation issue exists in the flow.scatter/flow.scatter add component. This can be exploited to cause a Denial of Service DoS by providing a crafted indices input. Recommendations At the moment, ther...

CVE-2025-71008

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatteradd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted indices...

EUVD-2025-206539

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71009

CVE-2025-71009 affects OneFlow v0.9.0 in the flow.scatter/flow.scatter_add components. The vulnerability is an input validation issue that can cause a Denial of Service when crafted indices are provided, per Red Hat, NVD, OSV, CIRCL, Snyk and related feeds. The practical impact is DoS with availa...

CVE-2025-71008

CVE-2025-71008 describes a segmentation fault in OneFlow v0.9.0 within the internal autograd path (FunctionCtx.mark_non_differentiable). The issue can be triggered by crafted input to cause a Denial of Service. Affected component: oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_d...

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206541

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatteradd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted indices...

CVE-2025-71011

CVE-2025-71011 affects OneFlow v0.9.0: input validation flaw in flow.Tensor.new_empty, flow.Tensor.new_ones, and flow.Tensor.new_zeros can trigger a Denial of Service via crafted input. Multiple connected sources corroborate the issue but do not provide a public fix version. Exploitation is indic...

PT-2026-5302

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description An input validation issue exists in the flow.Tensor.new empty/flow.Tensor.new ones/flow.Tensor.new zeros component. This can lead to a Denial of Service DoS condition through a crafted input. Recommendations A...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71006 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71006 Source advisory: SNYK:PYTHON-ONEFLOW-15162562...

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero via the oneflow.reshape process. An attacker can cause the application to crash or become unresponsive by submitting specially crafted input that triggers a floating point exception. Remediation There is no fixed versio...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the indexadd function. An attacker can cause the application to crash or become unresponsive by submitting specially crafted input. Remediation There is no fixed version for oneflow. References -...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71007 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71007 Source advisory: SNYK:PYTHON-ONEFLOW-15162564...

CVE-2025-71007

An input validation vulnerability in the oneflow.indexadd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71007

An input validation vulnerability in the oneflow.indexadd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71003

An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71003

An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...