CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

CVE-2022-0845

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0...

CVE-2024-5452

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4

CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4. A patched version of the package is available...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31580]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has bee...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31583]

Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component. CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please re...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31580]

Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read...

CVE-2022-1941 affecting package pytorch for versions less than 2.0.0-7

CVE-2022-1941 affecting package pytorch for versions less than 2.0.0-7. A patched version of the package is available...

Exploit for Deserialization of Untrusted Data in Huggingface Transformers

CVE-2024-11392 Hugging Face Transformers MobileViTV2 Des...

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning ML tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22...

November Linux Patch Wednesday

November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 2 vulnerabilities in Chromium with...

CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3

CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3. A patched version of the package is available...

PT-2025-17312

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.6.0 PyTorch ≤2.5.1 Description PyTorch is vulnerable to a Remote Command Execution RCE vulnerability. This flaw exists in versions 2.5.1 and prior, specifically when loading a model using the torch.load function wit...

Malicious code in pytorch-lighting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62c64e574f5ad4d75ebc2c82d4cc48edb6185486f8379bfd2a7bd330ce94f50e A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

MAL-2024-10726 Malicious code in pytorch-lighting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62c64e574f5ad4d75ebc2c82d4cc48edb6185486f8379bfd2a7bd330ce94f50e A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31583]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has...

PYSEC-2024-259

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

PYSEC-2024-259

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

DEBIAN-CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...