Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/torch@1.6.0
Type pypi
Namespace
Name torch
Version 1.6.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.9.0
Latest_non_vulnerable_version 2.9.0
Affected_by_vulnerabilities
0
url VCID-1fx4-95p5-6kgv
vulnerability_id VCID-1fx4-95p5-6kgv
summary In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
references
0
reference_url https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
1
reference_url https://github.com/pytorch/pytorch/issues/88868
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/issues/88868
fixed_packages
0
url pkg:pypi/torch@1.13.1
purl pkg:pypi/torch@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-57ph-1jp3-rff4
2
vulnerability VCID-69gt-qhaf-63gv
3
vulnerability VCID-7563-j935-rkh5
4
vulnerability VCID-avxx-n31w-4fgu
5
vulnerability VCID-dm2h-xssw-xqhb
6
vulnerability VCID-jqpq-n5zb-2ydh
7
vulnerability VCID-pryj-149u-zqe7
8
vulnerability VCID-rr2u-g78b-yfev
9
vulnerability VCID-tw2j-udhp-nydv
10
vulnerability VCID-vy3e-sq4h-eybf
11
vulnerability VCID-x8ck-txve-s7gy
12
vulnerability VCID-z22a-fyhr-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.13.1
aliases CVE-2022-45907, PYSEC-2022-43015
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fx4-95p5-6kgv
1
url VCID-3cvu-c3jj-yyhx
vulnerability_id VCID-3cvu-c3jj-yyhx
summary An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/151522
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/issues/151522
2
reference_url https://github.com/pytorch/pytorch/pull/151897
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/pull/151897
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dm2h-xssw-xqhb
1
vulnerability VCID-jqpq-n5zb-2ydh
2
vulnerability VCID-rr2u-g78b-yfev
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases CVE-2025-55560, PYSEC-2025-209
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cvu-c3jj-yyhx
2
url VCID-57ph-1jp3-rff4
vulnerability_id VCID-57ph-1jp3-rff4
summary Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
references
0
reference_url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305
1
reference_url https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
fixed_packages
0
url pkg:pypi/torch@2.2.0
purl pkg:pypi/torch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-7563-j935-rkh5
2
vulnerability VCID-dm2h-xssw-xqhb
3
vulnerability VCID-jqpq-n5zb-2ydh
4
vulnerability VCID-pryj-149u-zqe7
5
vulnerability VCID-rr2u-g78b-yfev
6
vulnerability VCID-tw2j-udhp-nydv
7
vulnerability VCID-vy3e-sq4h-eybf
8
vulnerability VCID-x8ck-txve-s7gy
9
vulnerability VCID-z22a-fyhr-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0
aliases CVE-2024-31584, PYSEC-2024-250
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57ph-1jp3-rff4
3
url VCID-69gt-qhaf-63gv
vulnerability_id VCID-69gt-qhaf-63gv
summary Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
references
0
reference_url https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176
reference_id
reference_type
scores
url https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml
2
reference_url https://github.com/pytorch/pytorch
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch
3
reference_url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132
4
reference_url https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
5
reference_url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806
reference_id
reference_type
scores
url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31583
reference_id CVE-2024-31583
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-31583
7
reference_url https://github.com/advisories/GHSA-pg7h-5qx3-wjr3
reference_id GHSA-pg7h-5qx3-wjr3
reference_type
scores
url https://github.com/advisories/GHSA-pg7h-5qx3-wjr3
fixed_packages
0
url pkg:pypi/torch@2.2.0
purl pkg:pypi/torch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-7563-j935-rkh5
2
vulnerability VCID-dm2h-xssw-xqhb
3
vulnerability VCID-jqpq-n5zb-2ydh
4
vulnerability VCID-pryj-149u-zqe7
5
vulnerability VCID-rr2u-g78b-yfev
6
vulnerability VCID-tw2j-udhp-nydv
7
vulnerability VCID-vy3e-sq4h-eybf
8
vulnerability VCID-x8ck-txve-s7gy
9
vulnerability VCID-z22a-fyhr-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0
aliases CVE-2024-31583, GHSA-pg7h-5qx3-wjr3, PYSEC-2024-251
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69gt-qhaf-63gv
4
url VCID-7563-j935-rkh5
vulnerability_id VCID-7563-j935-rkh5
summary PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
references
0
reference_url https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
fixed_packages
0
url pkg:pypi/torch@2.6.0
purl pkg:pypi/torch@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-8u6v-jzkr-nkb4
2
vulnerability VCID-dm2h-xssw-xqhb
3
vulnerability VCID-fzd6-jxxp-h7c8
4
vulnerability VCID-jqpq-n5zb-2ydh
5
vulnerability VCID-rr2u-g78b-yfev
6
vulnerability VCID-tw2j-udhp-nydv
7
vulnerability VCID-vy3e-sq4h-eybf
8
vulnerability VCID-w8cd-83qu-uygf
9
vulnerability VCID-x8ck-txve-s7gy
10
vulnerability VCID-xgau-bn5a-t3cg
11
vulnerability VCID-z22a-fyhr-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.6.0
aliases CVE-2025-32434, GHSA-53q9-r3pm-6pq6, PYSEC-2025-41
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7563-j935-rkh5
5
url VCID-avxx-n31w-4fgu
vulnerability_id VCID-avxx-n31w-4fgu
summary PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
references
0
reference_url https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d
reference_id
reference_type
scores
url https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml
2
reference_url https://github.com/pytorch/pytorch
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch
3
reference_url https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
reference_id
reference_type
scores
url https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
4
reference_url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934
reference_id
reference_type
scores
url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31580
reference_id CVE-2024-31580
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-31580
6
reference_url https://github.com/advisories/GHSA-5pcm-hx3q-hm94
reference_id GHSA-5pcm-hx3q-hm94
reference_type
scores
url https://github.com/advisories/GHSA-5pcm-hx3q-hm94
fixed_packages
0
url pkg:pypi/torch@2.2.0
purl pkg:pypi/torch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-7563-j935-rkh5
2
vulnerability VCID-dm2h-xssw-xqhb
3
vulnerability VCID-jqpq-n5zb-2ydh
4
vulnerability VCID-pryj-149u-zqe7
5
vulnerability VCID-rr2u-g78b-yfev
6
vulnerability VCID-tw2j-udhp-nydv
7
vulnerability VCID-vy3e-sq4h-eybf
8
vulnerability VCID-x8ck-txve-s7gy
9
vulnerability VCID-z22a-fyhr-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0
aliases CVE-2024-31580, GHSA-5pcm-hx3q-hm94, PYSEC-2024-252
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avxx-n31w-4fgu
6
url VCID-dm2h-xssw-xqhb
vulnerability_id VCID-dm2h-xssw-xqhb
summary pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/151510
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://github.com/pytorch/pytorch/issues/151510
fixed_packages
0
url pkg:pypi/torch@2.9.0
purl pkg:pypi/torch@2.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0
aliases CVE-2025-55554, PYSEC-2025-206
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2h-xssw-xqhb
7
url VCID-jqpq-n5zb-2ydh
vulnerability_id VCID-jqpq-n5zb-2ydh
summary pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/147847
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/issues/147847
fixed_packages
0
url pkg:pypi/torch@2.9.0
purl pkg:pypi/torch@2.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0
aliases CVE-2025-55552, PYSEC-2025-204
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqpq-n5zb-2ydh
8
url VCID-pryj-149u-zqe7
vulnerability_id VCID-pryj-149u-zqe7
summary In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
references
0
reference_url https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065
1
reference_url https://github.com/pytorch/pytorch/issues/129228
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/pytorch/pytorch/issues/129228
2
reference_url https://github.com/pytorch/pytorch/security/policy#using-distributed-features
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/pytorch/pytorch/security/policy#using-distributed-features
3
reference_url https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
fixed_packages
0
url pkg:pypi/torch@2.5.0
purl pkg:pypi/torch@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-7563-j935-rkh5
2
vulnerability VCID-dm2h-xssw-xqhb
3
vulnerability VCID-jqpq-n5zb-2ydh
4
vulnerability VCID-rr2u-g78b-yfev
5
vulnerability VCID-tw2j-udhp-nydv
6
vulnerability VCID-vy3e-sq4h-eybf
7
vulnerability VCID-x8ck-txve-s7gy
8
vulnerability VCID-z22a-fyhr-bbg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.5.0
aliases CVE-2024-48063, PYSEC-2024-259
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pryj-149u-zqe7
9
url VCID-rr2u-g78b-yfev
vulnerability_id VCID-rr2u-g78b-yfev
summary An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/151401
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/issues/151401
fixed_packages
0
url pkg:pypi/torch@2.9.0
purl pkg:pypi/torch@2.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0
aliases CVE-2025-55551, PYSEC-2025-203
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rr2u-g78b-yfev
10
url VCID-tw2j-udhp-nydv
vulnerability_id VCID-tw2j-udhp-nydv
summary A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/151432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/issues/151432
2
reference_url https://github.com/pytorch/pytorch/pull/154645
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/pull/154645
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dm2h-xssw-xqhb
1
vulnerability VCID-jqpq-n5zb-2ydh
2
vulnerability VCID-rr2u-g78b-yfev
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases CVE-2025-55553, PYSEC-2025-205
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw2j-udhp-nydv
11
url VCID-vy3e-sq4h-eybf
vulnerability_id VCID-vy3e-sq4h-eybf
summary A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/151523
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/issues/151523
2
reference_url https://github.com/pytorch/pytorch/pull/151887
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/pull/151887
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dm2h-xssw-xqhb
1
vulnerability VCID-jqpq-n5zb-2ydh
2
vulnerability VCID-rr2u-g78b-yfev
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases CVE-2025-55558, PYSEC-2025-208
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy3e-sq4h-eybf
12
url VCID-x8ck-txve-s7gy
vulnerability_id VCID-x8ck-txve-s7gy
summary A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
references
0
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
1
reference_url https://github.com/pytorch/pytorch/issues/151738
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/issues/151738
2
reference_url https://github.com/pytorch/pytorch/pull/151931
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/pytorch/pytorch/pull/151931
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dm2h-xssw-xqhb
1
vulnerability VCID-jqpq-n5zb-2ydh
2
vulnerability VCID-rr2u-g78b-yfev
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases CVE-2025-55557, PYSEC-2025-207
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-txve-s7gy
13
url VCID-z22a-fyhr-bbg4
vulnerability_id VCID-z22a-fyhr-bbg4
summary In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
references
0
reference_url https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
1
reference_url https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093
2
reference_url https://github.com/pytorch/pytorch/issues/151198
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://github.com/pytorch/pytorch/issues/151198
3
reference_url https://github.com/pytorch/pytorch/pull/152993
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://github.com/pytorch/pytorch/pull/152993
fixed_packages
0
url pkg:pypi/torch@2.7.0
purl pkg:pypi/torch@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cvu-c3jj-yyhx
1
vulnerability VCID-dm2h-xssw-xqhb
2
vulnerability VCID-jqpq-n5zb-2ydh
3
vulnerability VCID-rr2u-g78b-yfev
4
vulnerability VCID-tw2j-udhp-nydv
5
vulnerability VCID-vy3e-sq4h-eybf
6
vulnerability VCID-x8ck-txve-s7gy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0
aliases CVE-2025-46148, PYSEC-2025-198
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z22a-fyhr-bbg4
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.6.0