CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

RedhatCVE•added 2026/05/12 8:21 p.m.•4 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00047EPSS

Exploits0References1

Github Security Blog•added 2026/05/12 6:30 p.m.•7 views

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00191EPSS

Exploits1References4Affected Software1

EUVD•added 2026/05/12 6:30 p.m.•3 views

EUVD-2026-29505

6.3AI score0.00191EPSS

Exploits1References3

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

7.8CVSS6.3AI score0.00191EPSS

Exploits1References3

Snyk•added 2026/05/12 5:22 p.m.•3 views

Deserialization of Untrusted Data

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...

9.8CVSS6.2AI score0.00191EPSS

Exploits1References2

NVD•added 2026/05/12 4:16 p.m.•2 views

CVE-2026-31221

8.8CVSS0.00191EPSS

Exploits1References2

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40060

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.load from checkpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00191EPSS

Exploits1References3

CVE•added 2026/05/12 12:0 a.m.•6 views

CVE-2026-31214

The vulnerability CVE-2026-31214 affects the torch-checkpoint-shrink.py script in the ml-engineering project, commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling weights_only=True, allowing the deser...

9.8CVSS6.3AI score0.00513EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 12:0 a.m.•3 views

CVE-2026-31221

6.3AI score0.00191EPSS

Exploits1References2

OSV•added 2026/05/11 6:31 p.m.•2 views

GHSA-7G5W-PQ96-8C5W flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism

7.3CVSS6.1AI score0.00047EPSS

Exploits0References3

Github Security Blog•added 2026/05/11 6:31 p.m.•5 views

flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism

7.3CVSS6.1AI score0.00047EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/11 6:31 p.m.•5 views

EUVD-2026-29100

6.1AI score0.00047EPSS

Exploits0References3

NVD•added 2026/05/11 5:16 p.m.•7 views

CVE-2026-31253

7.3CVSS0.00047EPSS

Exploits0References2

ATTACKERKB•added 2026/05/11 12:0 a.m.•3 views

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

6.1AI score0.00047EPSS

Exploits0References3

ATTACKERKB•added 2026/05/11 12:0 a.m.•3 views

CVE-2026-31253

6.1AI score0.00047EPSS

Exploits0References3

Vulnrichment•added 2026/05/11 12:0 a.m.•5 views

CVE-2026-31253

6.1AI score0.00047EPSS

Exploits0References2

CNNVD•added 2026/05/11 12:0 a.m.•3 views

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention, which stems from the checkpoint loading mechanism using torch.load to load checkpoint files without enabling the...

7.3CVSS6.2AI score0.00047EPSS

Exploits0References2

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39638

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The load checkpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

6.1AI score0.00047EPSS

Exploits0References3

CVE•added 2026/05/11 12:0 a.m.•5 views

CVE-2026-31253

The CVE-2026-31253 entry concerns the flash-attention training framework. A deserialization flaw exists in the checkpoint loading path (checkpoint.py load_checkpoint and eval.py) where torch.load() is used without weights_only=True, enabling pickle-based object deserialization. This can allow an ...

7.3CVSS6.1AI score0.00047EPSS

Exploits0References2

Cvelist•added 2026/05/11 12:0 a.m.•25 views

CVE-2026-31253

0.00047EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by