CVE-2025-55554

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nantonum-.long...

PyTorch 安全漏洞

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from a name error when compiling a model containing torch.cummin using Inductor, which can be exploited by an attacker to cause a denial of service...

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion when the model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv and compiled with Inductor. An attacker can cause the application to become unresponsive or crash by providin...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTor...

PT-2026-5024

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.10.0 Description PyTorch, a Python package for tensor computation, has an issue in its weights only unpickler. An attacker can create a malicious checkpoint file .pth that, when loaded using torch.load..., weights...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Remote Command Execution in PyTorch [CVE-2025-32434]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Remote Command Execution in PyTorch, due to a condition that exists when loading a model using torch.load with weightsonly=True CVE-2025-32434. PyTorch is used in our speech service runtimes. This vulnerabilitiy has been addressed...

CBL Mariner 2.0 Security Update: pytorch (CVE-2025-2953)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2953 advisory. - A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by thi...

BIT-PYTORCH-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

BIT-PYTORCH-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

BIT-PYTORCH-2024-31584

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbufferloader.cpp...

BIT-PYTORCH-2025-3000 PyTorch torch.jit.script memory corruption

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used...

BIT-PYTORCH-2025-3730 PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

CVE-2024-31584

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbufferloader.cpp...

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

K000151398: PyTorch vulnerability CVE-2025-32434

Security Advisory Description PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model...

Unspecified Vulnerability in PyTorch (CNVD-2025-23289)

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that originates from improper handling of the function torch.cuda.nccl.reduce in the file torch/cuda/nccl.py, which can be exploited by an attacker to cause a denial of service...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer.This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer.This bulletin contains information regarding the vulnerability and its fixture...