CVE-2025-71003

An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71005

A floating point exception FPE in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71006

A floating point exception FPE in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71005

A floating point exception FPE in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71006

A floating point exception FPE in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the oneflow.logicalor function. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71004 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71004 Source advisory: SNYK:PYTHON-ONEFLOW-15162566...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71005 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71005 Source advisory: SNYK:PYTHON-ONEFLOW-15162570...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the arange function. An attacker can cause the application to become unresponsive or crash by submitting specially crafted input. Remediation There is no fixed version for oneflow...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71003 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71003 Source advisory: SNYK:PYTHON-ONEFLOW-15162568...

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero via the oneflow.view component. An attacker can cause the application to crash by submitting specially crafted input that triggers a floating point exception. Remediation There is no fixed version for oneflow. Reference...

CVE-2025-71002

A floating-point exception FPE in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71002

A floating-point exception FPE in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero via the flow.columnstack component. An attacker can cause the application to terminate unexpectedly by providing specially crafted input that triggers a floating-point exception. Remediation There is no fixed version fo...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71002 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71002 Source advisory: SNYK:PYTHON-ONEFLOW-15162572...

CVE-2025-71001

A segmentation violation in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71001

A segmentation violation in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71000 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71000 Source advisory: SNYK:PYTHON-ONEFLOW-15162574...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.cuda.BoolTensor component when processing crafted input. An attacker can cause the application to crash or become unresponsive by submitting specially crafted data...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the flow.columnstack component. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...