Lucene search
K

440 matches found

Snyk
Snyk
added 2026/05/12 5:22 p.m.12 views

Deserialization of Untrusted Data

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
NVD
NVD
added 2026/05/12 4:16 p.m.9 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS0.00385EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 4:16 p.m.5 views

UBUNTU-CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/12 4:16 p.m.11 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.37 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

0.00385EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Pytorch-Lightning 安全漏洞

PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.7 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00385EPSS
Exploits1References2
CVE
CVE
added 2026/05/12 12:0 a.m.19 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() (and related checkpoint loading paths) call torch.load() without weights_only=True, allowing deserialization of ...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40060

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.load from checkpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

6.3AI score0.00385EPSS
Exploits1References3
Veracode
Veracode
added 2026/05/09 5:42 a.m.6 views

Credential Harvesting Functionality

pytorchlightning is vulnerable to credential harvesting functionality. The vulnerability is due to the introduction of functionality in versions 2.6.2 that is consistent with a credential harvesting mechanism, which allows an attacker to capture or misuse sensitive credentials through malicious...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/07 12:52 a.m.27 views

GHSA-W37P-236H-PFX3 Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 12:52 a.m.12 views

Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.25 views

PT-2026-38407

Name of the Vulnerable Software and Affected Versions PyTorch Lightning versions 2.6.2 through 2.6.3 Description PyTorch Lightning, a deep learning framework used to pretrain and finetune AI models, contains compromised versions that include malicious code. This code introduces functionality...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/30 4:53 p.m.10 views

Malicious code in lightning (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 703ac419d775488be137d7e01517d768da0b5581ab63338fb9523f2289f2b92c Versions 2.6.2, 2.6.3 were compromised. Compromised versions contain injected code that starts automatically during importing the module, downloads legitimate...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/04/30 4:53 p.m.9 views

MAL-2026-3201 Malicious code in lightning (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 703ac419d775488be137d7e01517d768da0b5581ab63338fb9523f2289f2b92c Versions 2.6.2, 2.6.3 were compromised. Compromised versions contain injected code that starts automatically during importing the module, downloads legitimate...

5.5AI score
Exploits0References5
The Hacker News
The Hacker News
added 2026/04/30 4:31 p.m.16 views

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...

6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/29 9:0 p.m.5 views

aana (>=0.2.1 <=0.2.2.2), adaptive-kmpc-py (>=0.1.0 <=0.1.1) +1046 more potentially affected by CVE-2026-44484 via lightning (>=1.8.6 <=2.6.5)

lightning PYPI version =1.8.6, =0.2.1, =0.1.0, =2.0.0, =1.3.0, =0.2.0, =1.0.1, =2025.4.0, =0.0.0, =0.1.11, =1.8.15, =1.8.17, =1.8.14, =2.2.0 and more Source cves: CVE-2026-44484 Source advisory: SNYK:PYTHON-LIGHTNING-16323121...

9.8CVSS5.7AI score0.00392EPSS
Exploits0
Snyk
Snyk
added 2026/04/29 9:0 p.m.6 views

Embedded Malicious Code

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publi...

9.8CVSS6AI score0.00392EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/28 8:18 p.m.2 views

fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...

9.8CVSS5.4AI score0.00573EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.5 views

SUSE CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

6.5CVSS5.8AI score0.00423EPSS
Exploits0References3
Rows per page
Query Builder