Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1098 matches found

Github Security Blog
Github Security Blogadded 2026/05/12 6:30 p.m.8 views

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00191EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/05/12 6:30 p.m.4 views

GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

7.8CVSS6.3AI score0.00191EPSS
Exploits1References3
vulnersOsv
vulnersOsvadded 2026/05/12 5:22 p.m.3 views

ace-step (=0.1.0), admetica (>=1.3.0 <=1.4.1) +212 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=2.0.0 <=2.6.0)

pytorch-lightning PYPI version =2.0.0, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 - anytext-z =0.1.1 - arcagent =0.0.1 - arccmd =0.2.0 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-16643334...

8.8CVSS5.8AI score0.00191EPSS
Exploits1
NVD
NVDadded 2026/05/12 4:16 p.m.2 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS0.00191EPSS
Exploits1References2
UbuntuCve
UbuntuCveadded 2026/05/12 4:16 p.m.3 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00191EPSS
Exploits1References1
OSV
OSVadded 2026/05/12 4:16 p.m.0 views

UBUNTU-CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00191EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/12 12:0 a.m.4 views

Pytorch-Lightning 安全漏洞

PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...

8.8CVSS6.2AI score0.00191EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/12 12:0 a.m.25 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

0.00054EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.7 views

PT-2026-40060

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.load from checkpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00191EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.5 views

PT-2026-40066

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

6.5AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/12 12:0 a.m.27 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

0.00191EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/12 12:0 a.m.24 views

CVE-2026-31214

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

0.00513EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 12:0 a.m.8 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() (and related checkpoint loading paths) call torch.load() without weights_only=True, allowing deserialization of ...

8.8CVSS6.3AI score0.00191EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/12 12:0 a.m.2 views

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

6.3AI score0.00088EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/12 12:0 a.m.4 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

6.5AI score0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/12 12:0 a.m.3 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00191EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/12 12:0 a.m.26 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

0.00164EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 12:0 a.m.6 views

CVE-2026-31228

The connected documents confirm a vulnerability in the Adversarial Robustness Toolbox (ART) up to version 1.20.1, specifically in its Kubeflow component. The root cause is that the robustness evaluation function for PyTorch models uses Python’s unsafe eval() to dynamically evaluate user-supplied ...

9.8CVSS6.5AI score0.00378EPSS
Exploits0References2
vulnersOsv
vulnersOsvadded 2026/05/11 9:31 p.m.4 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2026-2614 via mlflow (>=0.8.2 <=3.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2026-2614 Source advisory: OSV:GHSA-42H5-H8QH-VV9V...

7.5CVSS7AI score0.0005EPSS
Exploits1
EUVD
EUVDadded 2026/05/11 6:31 p.m.2 views

EUVD-2026-29097

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

6.1AI score0.00047EPSS
Exploits0References3
Rows per page
Query Builder