72 matches found
EUVD-2026-33701
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-38950
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-38950
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-38950
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-38950
CVE-2026-38950 affects ESA AnomalyMatch prior to 1.3.1. The issue arises from loading model files from session directories with torch.load(), enabling unrestricted deserialization and arbitrary code execution. Affected component: model checkpoint loading in AnomalyMatch. Impact: potential full co...
PT-2026-45457
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
EUVD-2026-29498
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...
Deserialization of Untrusted Data
Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this functio...
EUVD-2026-29097
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...
CVE-2026-31250
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...
FlashAttention 安全漏洞
FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention, which stems from the checkpoint loading mechanism using torch.load to load checkpoint files without enabling the...
CosyVoice 安全漏洞
CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability stems from the averagemodel.py model averaging tool, which loads checkpoint files using torch.load without enabling the weights-only=True...
CVE-2026-31250
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...
Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
Impact Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated user User A, given another user's threadid User B, can: - Execute graph runs against User B's thread via POST /threads/threadid/runs...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multi-modal models, and can be used for both inference and training. There is a security vulnerability in Hugging Face...
Applying security fundamentals to AI: Practical advice for CISOs
What to know about the era of AI The first thing to know is that AI isn’t magic The best way to think about how to effectively use and secure a modern AI system is to imagine it like a very new, very junior person. It’s very smart and eager to help but can also be extremely unintelligent. Like a...
Deserialization of Untrusted Data
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the torch.load checkpoint and model import paths in the nemo collections and checkpoint utilities. An attacker can execute arbitrary code...
Deserialization of Untrusted Data
Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded payload to the...
Deserialization of Untrusted Data
Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded...
GHSA-G48C-2WQR-H844 LangGraph checkpoint loading has unsafe msgpack deserialization
LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...