CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/14 2:59 p.m.•12 views

CVE-2026-44484

PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...

9.8CVSS5.8AI score0.00062EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/14 2:59 p.m.•5 views

EUVD-2026-30303

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00062EPSS

Vulnrichment•added 2026/05/14 2:59 p.m.•4 views

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00062EPSS

ATTACKERKB•added 2026/05/14 2:59 p.m.•5 views

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00062EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/14 2:59 p.m.•33 views

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS0.00062EPSS

CNNVD•added 2026/05/14 12:0 a.m.•5 views

PyTorch Lightning 安全漏洞

PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...

9.8CVSS5.8AI score0.00062EPSS

Tenable Nessus•added 2026/05/14 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The...

vulnersOsv•added 2026/05/12 6:30 p.m.•3 views

ablation (=0.1.0), ace-step (=0.1.0) +577 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=0.10.0 <=2.6.0)

pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 and more Source cves: CVE-2026-31221 Source advisory: OSV:GHSA-75M9-98V2-HJPM...

8.8CVSS5.8AI score0.00191EPSS

Exploits1

Github Security Blog•added 2026/05/12 6:30 p.m.•8 views

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

Exploits1References4Affected Software1

OSV•added 2026/05/12 6:30 p.m.•4 views

GHSA-75M9-98V2-HJPM PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

7.8CVSS6.3AI score0.00191EPSS

Exploits1References3

vulnersOsv•added 2026/05/12 5:22 p.m.•4 views

adaptive-kmpc-py (>=0.1.0 <=0.1.1), admetica (>=1.3.0 <=1.4.1) +227 more potentially affected by CVE-2026-31221 via lightning (>=2.0.0 <=2.6.0.dev20251123)

lightning PYPI version =2.0.0, =0.1.0, =1.3.0, =1.9.0, =1.9.0, =0.1.16, =0.3.0, =0.1.0, =0.1.0, =0.8.3b20230916, =0.8.3b20230916, =1.5.1b20260510 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-LIGHTNING-16643333...

8.8CVSS5.8AI score0.00191EPSS

Exploits1

vulnersOsv•added 2026/05/12 5:22 p.m.•4 views

ace-step (=0.1.0), admetica (>=1.3.0 <=1.4.1) +212 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=2.0.0 <=2.6.0)

pytorch-lightning PYPI version =2.0.0, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 - anytext-z =0.1.1 - arcagent =0.0.1 - arccmd =0.2.0 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-16643334...

8.8CVSS5.8AI score0.00191EPSS

Exploits1

Snyk•added 2026/05/12 5:22 p.m.•3 views

Deserialization of Untrusted Data

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...

9.8CVSS6.2AI score0.00191EPSS

NVD•added 2026/05/12 4:16 p.m.•2 views

CVE-2026-31221

8.8CVSS0.00191EPSS

UbuntuCve•added 2026/05/12 4:16 p.m.•4 views

CVE-2026-31221

OSV•added 2026/05/12 4:16 p.m.•0 views

Exploits1References1

UBUNTU-CVE-2026-31221