13 matches found
CVE-2026-14647
A flaw was found in onnx. This vulnerability, located in the convPoolShapeInferenceopset19 function of the onnxruntime component, allows a remote attacker to perform an out-of-bounds read. This could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either n...
Linux Distros Unpatched Vulnerability : CVE-2026-14647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of th...
CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...
Directory Traversal
Overview onnxruntime is a performance-focused scoring engine for Open Neural Network Exchange ONNX models. Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of external TensorProto data paths. The external data loading path validation did not...
aa-rag (>=0.4.2 <=0.4.3), aana (>=0.2.1 <=0.2.2) +954 more potentially affected by unknown CVE via onnxruntime (>=1.0.0 <=1.23.2)
onnxruntime PYPI version =1.0.0, =0.4.2, =0.2.1, =0.1.0b1, =0.25.14, =1.0.0, =0.1.0, =0.4.0, =0.1.8, =0.1.0, =0.1.0, =1.0.6, =0.4.0, =0.4.1 - agentic-resume-builder =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-ONNXRUNTIME-15869956...
Malicious code in onnxruntime-winml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5566aa4ecc644b36e90902092563c05e1852d751381539398f2307ae1fbefae6 Package is just calling home and there is no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything th...
MAL-2025-191806 Malicious code in onnxruntime-winml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5566aa4ecc644b36e90902092563c05e1852d751381539398f2307ae1fbefae6 Package is just calling home and there is no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything th...
MAL-2025-41597 Malicious code in quick-start_onnxruntime-web-bundler (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in quick-start_onnxruntime-web-bundler (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in onnxruntime-reactnative-example (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41587 Malicious code in onnxruntime-reactnative-example (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-31297 Malicious code in quick-start_onnxruntime-node (npm)
The package quick-startonnxruntime-node was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in quick-start_onnxruntime-node (npm)
The package quick-startonnxruntime-node was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...