1098 matches found
CVE-2025-55557
CVE-2025-55557: A NameError occurs in PyTorch v2.7.0 when a model uses torch.cummin and is compiled by Inductor, leading to a Denial of Service. The initial description provides the affected components and the root cause, but no public remediation or exploitation details are documented in the su...
Incorrect Bitwise Shift of Integer
Overview: Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer in the torch.bitwise_right_shift function. An attacker can modify data integrity by leveraging local access with low privileges even if config.fallback_random is set to True. Remediation: Upgrade...
CVE-2025-55551
An issue in the component torch.linalg.lu of PyTorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation...
CVE-2025-55553
CVE-2025-55553 is described across sources as a DoS vulnerability in PyTorch v2.7.0 caused by a syntax error in the proxy_tensor.py component. The linked documents (NVD/NIST entry and IBM watsonx bulletin listing this CVE among PyTorch-related issues) confirm the affected product and the basic fl...
CVE-2025-46152
CVE-2025-46152 affects PyTorch where bitwise_right_shift can produce incorrect output for certain out-of-bounds values of the OTHER argument. Affected versions include PyTorch before 2.7.0; a patched version is available. The connected Mariner data notes PyTorch packages less than 2.2.2-9 are aff...
PT-2025-39412
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.7.0. Description: A syntax error in the proxy_tensor.py component can lead to a Denial of Service (DoS). Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-39379
Name of the Vulnerable Software and Affected Versions: PyTorch versions through 2.6.0. Description: When eager mode is used, the nn.PairwiseDistance(p=2) function in PyTorch produces incorrect results. The p parameter in the nn.PairwiseDistance function determines the distance metric. A value of 2...
CVE-2025-46149
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error...
CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287
Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-4287. DESCRIPTION: A vulnerability was found in PyTor...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl. Vulnerability Details: CVEID: CVE-2025-3000. DESCRIPTION: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The...
CVE-2025-10155
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
GHSA-J424-MC44-F4HJ Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references. Original Description An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and includin...
PYSEC-2025-151
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
picklescan input validation error vulnerability
picklescan is a security scanning program by the individual developer Matthieu Maitre. An input validation error vulnerability exists in picklescan version 0.0.30 and earlier, which stems from improper input validation in the scanning logic and could allow a remote attacker to bypass security...