6 matches found
CVE-2025-32434
PyTorch contains a Remote Command Execution (RCE) vulnerability in versions 2.5.1 and earlier when loading a model with torch.load and weights_only=True. The issue is publicly documented and has been patched in version 2.6.0. External notices reiterate that upgrading to 2.6.0+ mitigates the flaw;...
CVE-2026-24747
PyTorch prior to v2.10.0 is vulnerable to memory corruption and potential arbitrary code execution via the weights_only unpickler when loading a malicious .pth checkpoint with torch.load(..., weights_only=True). Affected software is PyTorch (Python tensor computation package); the issue is fixed ...
CVE-2022-45907
CVE-2022-45907 is a PyTorch vulnerability where torch.jit.annotations.parse_type_line uses eval unsafely, enabling arbitrary code execution. Documented impact is high (CRITICAL, CVSS 3.1/3.0 vectors with 9.8 base score). Affected IBM products include Watson Studio for Cloud Pak for Data (versions...
CVE-2024-31584
CVE-2024-31584 affects PyTorch before v2.2.0 and is caused by an out-of-bounds read in torch/csrc/jit/mobile/flatbuffer_loader.cpp. Affected software is PyTorch up to 2.1.x; exploitation could arise from processing crafted input via the flatbuffer loader, with the documented impact being an o...
CVE-2024-31580
CVE-2024-31580 affects PyTorch prior to 2.2.0, due to a heap-based buffer overflow in /runtime/vararg_functions.cpp. A crafted input can cause a Denial of Service. The available connected documents indicate vulnerable PyTorch versions and a clear remediation: upgrade to PyTorch 2.2.0 or newer (or...
CVE-2024-31583
CVE-2024-31583 affects PyTorch due to a use-after-free flaw in torch/csrc/jit/mobile/interpreter.cpp. Affected versions: PyTorch prior to 2.2.0; the issue enables denial of service when a victim opens crafted content. Exploitation details are not provided beyond the vulnerability description in t...