1098 matches found
PT-2026-5024
Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.10.0 Description PyTorch, a Python package for tensor computation, has an issue in its weights only unpickler. An attacker can create a malicious checkpoint file .pth that, when loaded using torch.load..., weights...
GHSA-JGW4-CR84-MQXG Picklescan Bypass is Possible via File Extension Mismatch
Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...
Protection Mechanism Failure
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Protection Mechanism Failure via the scanbytes function. An attacker can bypass detection of malicious content by disguising a standard pickle...
Picklescan Bypass is Possible via File Extension Mismatch
Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...
GHSA-MJQP-26HC-GRXG Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead o...
MAL-2025-45666 Malicious code in pytorch-doc-zh (npm)
The package pytorch-doc-zh was found to contain malicious code...
Malicious code in pytorch-doc-zh (npm)
The package pytorch-doc-zh was found to contain malicious code...
PyTorch nccl.py torch.cuda.nccl.reduce denial of service
...
Linux Distros Unpatched Vulnerability : CVE-2025-3121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer. The manipulation leads to...
Linux Distros Unpatched Vulnerability : CVE-2025-3730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file...
Linux Distros Unpatched Vulnerability : CVE-2025-4287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file...
Linux Distros Unpatched Vulnerability : CVE-2025-2998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.padpackedsequenc...
Linux Distros Unpatched Vulnerability : CVE-2025-3001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstmcell. The manipulation leads to memory...
Linux Distros Unpatched Vulnerability : CVE-2025-3136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.cachingallocatordelete ...
Linux Distros Unpatched Vulnerability : CVE-2025-2148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Remote Command Execution in PyTorch [CVE-2025-32434]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Remote Command Execution in PyTorch, due to a condition that exists when loading a model using torch.load with weightsonly=True CVE-2025-32434. PyTorch is used in our speech service runtimes. This vulnerabilitiy has been addressed...
Linux Distros Unpatched Vulnerability : CVE-2025-2149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnqSigmoid of the component Quantized...
Linux Distros Unpatched Vulnerability : CVE-2025-32434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In...