Lucene search
K

87 matches found

OSV
OSV
added 2026/06/16 5:53 p.m.3 views

CVE-2026-48775 LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...

6.8CVSS6.3AI score0.00232EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.9 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 6:30 p.m.7 views

GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

7.8CVSS6.3AI score0.00385EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29505

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00385EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.16 views

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/12 5:22 p.m.12 views

Deserialization of Untrusted Data

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
NVD
NVD
added 2026/05/12 4:16 p.m.11 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS0.00385EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40060

Name of the Vulnerable Software and Affected Versions PyTorch-Lightning versions 2.6.0 and earlier Description An insecure deserialization issue exists in the checkpoint loading mechanism. The load from checkpoint function in LightningModule internally calls torch.load without the weights only=Tr...

8.8CVSS6.5AI score0.00385EPSS
Exploits1References12
CVE
CVE
added 2026/05/12 12:0 a.m.21 views

CVE-2026-31214

The vulnerability CVE-2026-31214 affects the torch-checkpoint-shrink.py script in the ml-engineering project, commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling weights_only=True, allowing the deser...

9.8CVSS6.3AI score0.00486EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00385EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 12:0 a.m.3 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.6AI score0.00385EPSS
Exploits1References4
OSV
OSV
added 2026/05/11 6:31 p.m.14 views

GHSA-7G5W-PQ96-8C5W flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29100

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

6.1AI score0.00218EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/11 5:16 p.m.47 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.7 views

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

6.1AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.63 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.7 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

6.1AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention, which stems from the checkpoint loading mechanism using torch.load to load checkpoint files without enabling the...

7.3CVSS6.2AI score0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.8 views

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

6.1AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder