flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71001 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71001 Source advisory: SNYK:PYTHON-ONEFLOW-15162576...

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-71000

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71000

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65891

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

CVE-2025-65891

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice DoS by invoking flow.cuda.getdeviceproperties with an invalid or negative device index...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the flow.cuda.synchronize function when it is called with an invalid or out-of-range GPU device index. An attacker can cause the application to crash or become unresponsive by supplying a malicious...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65890 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65890 Source advisory: SNYK:PYTHON-ONEFLOW-15162578...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the flow.dstack function. An attacker can cause the application to crash or become unresponsive by submitting specially crafted input. Remediation There is no fixed version...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65889 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65889 Source advisory: SNYK:PYTHON-ONEFLOW-15162580...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the flow.cuda.getdeviceproperties function. An attacker can cause the application to crash or become unresponsive by supplying an invalid or negative device index. Remediation There is no fixed...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65891 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65891 Source advisory: SNYK:PYTHON-ONEFLOW-15162587...

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-70999 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-70999 Source advisory: SNYK:PYTHON-ONEFLOW-15162589...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via improper validation in the flow.cuda.getdevicecapability function. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted device ID. Remediation Ther...

CVE-2025-65889

A type validation flaw in the flow.dstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65889

A type validation flaw in the flow.dstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-65887

A division-by-zero vulnerability in the flow.floordivide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input tensor with zero...

CVE-2025-65890

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS by calling flow.cuda.synchronize with an invalid or out-of-range GPU device index...

CVE-2025-65886

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via supplying crafted tensor shapes...