EUVD-2026-29503

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

PT-2026-40116

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

PT-2026-40058

The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

PT-2026-40125

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights only=True...

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

Arbitrary Code Injection

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the reranking endpoint when a model file containing a malicious tokenizer.chattemplate is loaded, due to...

CVE-2026-0875

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

Heap-based Buffer Overflow

Overview sentencepiece is an Unsupervised text tokenizer and detokenizer. Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the processing of a malicious model file. An attacker can cause the application to access invalid memory regions by supplying a model file...

lmdeploy 代码问题漏洞

lmdeploy is an InternLM open source toolkit for compressing, deploying and servicing LLM. A code issue vulnerability exists in versions of lmdeploy prior to 0.11.1 that stems from loading model checkpoint files without using the weightsonly parameter, which could lead to an attacker executing...

CVE-2025-10888

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2025-10899

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

EUVD-2025-203453

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2025-203451

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2025-10898

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

PT-2025-51332

Name of the Vulnerable Software and Affected Versions Autodesk products affected versions not specified Description A specially designed MODEL file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could lead to a program crash, data...

PT-2025-51333

Name of the Vulnerable Software and Affected Versions Autodesk AutoCAD affected versions not specified Description A specially crafted MODEL file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could allow a malicious actor to cause a...

Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weightsonly=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

EUVD-2025-25170

Malicious code in bioql PyPI...