737 matches found
Reachable Assertion
Overview: torch is the PyTorch package (Tensors and dynamic neural networks in Python with strong GPU acceleration). Affected versions of this package are vulnerable to Reachable Assertion when the model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv and is compiled with...
CVE-2025-55553
A syntax error in the proxy_tensor.py component of PyTorch v2.7.0 allows attackers to cause a Denial of Service (DoS)...
PT-2025-39412
Name of the Vulnerable Software and Affected Versions: pytorch version 2.7.0. Description: A syntax error in the proxy_tensor.py component can lead to a Denial of Service (DoS). Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
GHSA-9W53-XR52-MWGJ SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been releas...
Deserialization of Untrusted Data
Overview: sglang (SGLang) is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the main function in the /update_weights_from_tensor process in...
CVE-2025-10164
CVE-2025-10164 affects lmsys sglang 0.4.6. The vulnerability is in the main function of the file /update_weights_from_tensor, where manipulation of the serialized_named_tensors input enables deserialization, allowing remote exploitation. Public exploits exist and the vendor was unresponsive. Publ...
PT-2025-36911
Name of the Vulnerable Software and Affected Versions: lmsys sglang version 0.4.6. Description: A security flaw exists in lmsys sglang version 0.4.6. The issue involves the main function within the /update_weights_from_tensor file, which is susceptible to deserialization due to manipulation of the...
LMSYS SGLang Code Issue Vulnerability
LMSYS SGLang is a large language model inference engine open-sourced by LMSYS. A code issue vulnerability exists in LMSYS SGLang version 0.4.6, which stems from mishandling of the parameter serialized_named_tensors of the function main in the file /update_weights_from_tensor, resulting in...
Integer Overflow → Heap Buffer Overflow in BYTES-Tensor Parsing (DoS)
This report is not public...
Linux Distros Unpatched Vulnerability : CVE-2023-29941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewrite(mlir::sparse_tensor::SortOp). CVE-2023-29941 No...
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
Summary: Using the torch.jit.unsupported_tensor_ops.execWrapper function, a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps. First, the attacker crafts the payload by calling the torch.jit.unsupported_tensor_ops.execWrapper function...
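The SGLang entries above and this picklescan entry describe one root cause from two sides: a server that hands a remote caller's serialized_named_tensors bytes to a pickle loader runs whatever callable the stream names, and a scanner that denylists known-dangerous globals is bypassed by any callable it has not heard of. The block below is an added illustration, not SGLang's, PyTorch's or picklescan's code. It shows the vulnerable pattern, a payload whose __reduce__ runs a harmless marker function where a real one would run os.system, and a hardened loader that resolves only an allow-listed NamedTensor class and checks shape against data length. The NamedTensor wire format, the allowlist, the dtype table and the executed marker are assumptions made for the demonstration.

```python
import io
import math
import pickle
from dataclasses import dataclass

# Harmless stand-in for the attacker's side effect (assumption for the demo):
# a real payload would reduce to os.system or subprocess.Popen instead.
executed = []


def attacker_callable(arg):
    executed.append(arg)
    return arg


class Payload:
    """pickle calls whatever __reduce__ names, with these args, before the
    caller ever sees the 'tensor'. This is the whole RCE primitive."""

    def __reduce__(self):
        return (attacker_callable, ("pwned",))


@dataclass
class NamedTensor:
    """Assumed wire format for one weight: name, shape, dtype, raw bytes."""
    name: str
    shape: tuple
    dtype: str
    data: bytes


# Assumed element sizes for the dtypes the loader is willing to accept.
DTYPE_SIZE = {"float32": 4, "float16": 2, "bfloat16": 2}


def unsafe_update_weights(serialized_named_tensors: bytes):
    """Vulnerable pattern: untrusted bytes go straight into pickle.loads."""
    return pickle.loads(serialized_named_tensors)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolves only the allow-listed class. Any other GLOBAL reference
    (os.system, attacker_callable, an obscure torch helper) raises before
    it can be called, so novel gadgets are refused rather than scanned for."""

    ALLOWED = {(NamedTensor.__module__, "NamedTensor")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_update_weights(serialized_named_tensors: bytes):
    """Hardened replacement: allow-listed unpickling plus structural checks."""
    tensors = RestrictedUnpickler(io.BytesIO(serialized_named_tensors)).load()
    if not isinstance(tensors, list):
        raise ValueError("expected a list of NamedTensor")
    for t in tensors:
        if not isinstance(t, NamedTensor):
            raise ValueError("expected NamedTensor entries")
        if t.dtype not in DTYPE_SIZE:
            raise ValueError(f"unsupported dtype {t.dtype!r}")
        if not isinstance(t.shape, tuple) or not all(
            isinstance(d, int) and d >= 0 for d in t.shape
        ):
            raise ValueError(f"{t.name}: bad shape")
        # Length must match before any buffer is reinterpreted as a tensor.
        if len(t.data) != math.prod(t.shape) * DTYPE_SIZE[t.dtype]:
            raise ValueError(f"{t.name}: data length does not match shape")
    return tensors


def benign_payload() -> bytes:
    """Constructed sample: one 2x2 float32 weight, all zeros."""
    weight = NamedTensor("layer.weight", (2, 2), "float32", bytes(16))
    return pickle.dumps([weight], protocol=4)


def malicious_payload() -> bytes:
    """Constructed sample: what a remote caller could send instead."""
    return pickle.dumps([Payload()], protocol=4)


def safe_loader_rejects(payload: bytes) -> bool:
    """True when the hardened loader refuses the payload."""
    try:
        safe_update_weights(payload)
    except (pickle.UnpicklingError, ValueError):
        return True
    return False


if __name__ == "__main__":
    unsafe_update_weights(malicious_payload())
    print("unsafe loader ran attacker code:", executed)
    print("safe loader rejects it:", safe_loader_rejects(malicious_payload()))
    print("safe loader accepts benign:", not safe_loader_rejects(benign_payload()))
```

The allowlist is the point: a denylist scanner has to know about every callable that can execute code, and the picklescan report above is exactly one it did not know about. Refusing every global except the expected container class closes that whole class of bypass, and the length check means a malformed-but-well-typed payload fails before any native code reads the buffer.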
MAL-2025-14647 Malicious code in api-usage_create-tensor (npm)
The package api-usage_create-tensor was found to contain malicious code...
CVE-2025-23335
NVIDIA Triton Inference Server for Windows and Linux and the TensorRT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service...
PT-2025-32169 · Nvidia · Nvidia Triton Inference Server +1
Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server (affected versions not specified); TensorRT backend (affected versions not specified). Description: The NVIDIA Triton Inference Server and its TensorRT backend contain an issue where an attacker can trigger an...
MAL-2025-6661 Malicious code in tensor-nft-js (npm)
EinHops: Einsum Notation for Expressive Homomorphic Operations on RNS-CKKS Tensors
Fully Homomorphic Encryption (FHE) is an encryption scheme that allows computation to be performed directly on encrypted data, effectively closing the loop on secure outsourced computing. Data is encrypted not only at rest and in transit, but also during processing. However, FHE provides a...