Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/29938?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/29938?format=api", "purl": "pkg:pypi/torch@1.12.1", "type": "pypi", "namespace": "", "name": "torch", "version": "1.12.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.7.1rc1", "latest_non_vulnerable_version": "2.9.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36319?format=api", "vulnerability_id": "VCID-1fx4-95p5-6kgv", "summary": "In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74883", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45907" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2022-43015.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2022-43015.yaml" }, { "reference_url": "https://github.com/pytorch/pytorch", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch" }, { "reference_url": "https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/88868", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/issues/88868" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/89855", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/issues/89855" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/89189", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/pull/89189" }, { "reference_url": "https://github.com/pytorch/pytorch/releases/tag/v1.13.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/releases/tag/v1.13.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45907", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024903", "reference_id": "1024903", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024903" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29940?format=api", "purl": "pkg:pypi/torch@1.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-57ph-1jp3-rff4" }, { "vulnerability": "VCID-69gt-qhaf-63gv" }, { "vulnerability": "VCID-7563-j935-rkh5" }, { "vulnerability": "VCID-avxx-n31w-4fgu" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-pryj-149u-zqe7" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" }, { "vulnerability": "VCID-z22a-fyhr-bbg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.13.1" } ], "aliases": [ "CVE-2022-45907", "GHSA-47fc-vmwq-366v", "PYSEC-2022-43015" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fx4-95p5-6kgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37127?format=api", "vulnerability_id": "VCID-3cvu-c3jj-yyhx", "summary": "An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55560.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55560.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151522", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151522" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/151897", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/151897" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116531", "reference_id": "1116531", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398211", "reference_id": "2398211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398211" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55560", "PYSEC-2025-209" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cvu-c3jj-yyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36767?format=api", "vulnerability_id": "VCID-57ph-1jp3-rff4", "summary": "Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.", "references": [ { "reference_url": "https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305" }, { "reference_url": "https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379", "reference_id": "1070379", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40905?format=api", "purl": "pkg:pypi/torch@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-7563-j935-rkh5" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-pryj-149u-zqe7" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" }, { "vulnerability": "VCID-z22a-fyhr-bbg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0" } ], "aliases": [ "CVE-2024-31584", "PYSEC-2024-250" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57ph-1jp3-rff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36764?format=api", "vulnerability_id": "VCID-69gt-qhaf-63gv", "summary": "Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.", "references": [ { "reference_url": "https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml" }, { "reference_url": "https://github.com/pytorch/pytorch", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch" }, { "reference_url": "https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132" }, { "reference_url": "https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379", "reference_id": "1070379", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583", "reference_id": "CVE-2024-31583", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583" }, { "reference_url": "https://github.com/advisories/GHSA-pg7h-5qx3-wjr3", "reference_id": "GHSA-pg7h-5qx3-wjr3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pg7h-5qx3-wjr3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40905?format=api", "purl": "pkg:pypi/torch@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-7563-j935-rkh5" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-pryj-149u-zqe7" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" }, { "vulnerability": "VCID-z22a-fyhr-bbg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0" } ], "aliases": [ "CVE-2024-31583", "GHSA-pg7h-5qx3-wjr3", "PYSEC-2024-251" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69gt-qhaf-63gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37048?format=api", "vulnerability_id": "VCID-7563-j935-rkh5", "summary": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.", "references": [ { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml" }, { "reference_url": "https://github.com/pytorch/pytorch", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch" }, { "reference_url": "https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04" }, { "reference_url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434", "reference_id": "CVE-2025-32434", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32434" }, { "reference_url": "https://github.com/advisories/GHSA-53q9-r3pm-6pq6", "reference_id": "GHSA-53q9-r3pm-6pq6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-53q9-r3pm-6pq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45018?format=api", "purl": "pkg:pypi/torch@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-8u6v-jzkr-nkb4" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-fzd6-jxxp-h7c8" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-w8cd-83qu-uygf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" }, { "vulnerability": "VCID-xgau-bn5a-t3cg" }, { "vulnerability": "VCID-z22a-fyhr-bbg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.6.0" } ], "aliases": [ "CVE-2025-32434", "GHSA-53q9-r3pm-6pq6", "PYSEC-2025-41" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7563-j935-rkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36765?format=api", "vulnerability_id": "VCID-avxx-n31w-4fgu", "summary": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "references": [ { "reference_url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml" }, { "reference_url": "https://github.com/pytorch/pytorch", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch" }, { "reference_url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379", "reference_id": "1070379", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580", "reference_id": "CVE-2024-31580", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580" }, { "reference_url": "https://github.com/advisories/GHSA-5pcm-hx3q-hm94", "reference_id": "GHSA-5pcm-hx3q-hm94", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5pcm-hx3q-hm94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40905?format=api", "purl": "pkg:pypi/torch@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-7563-j935-rkh5" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-pryj-149u-zqe7" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" }, { "vulnerability": "VCID-z22a-fyhr-bbg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0" } ], "aliases": [ "CVE-2024-31580", "GHSA-5pcm-hx3q-hm94", "PYSEC-2024-252" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avxx-n31w-4fgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37124?format=api", "vulnerability_id": "VCID-dm2h-xssw-xqhb", "summary": "pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55554.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55554.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151510", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://github.com/pytorch/pytorch/issues/151510" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116534", "reference_id": "1116534", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116534" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398196", "reference_id": "2398196", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398196" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46370?format=api", "purl": "pkg:pypi/torch@2.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0" } ], "aliases": [ "CVE-2025-55554", "PYSEC-2025-206" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2h-xssw-xqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37122?format=api", "vulnerability_id": "VCID-jqpq-n5zb-2ydh", "summary": "pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55552.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55552.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/147847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/147847" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536", "reference_id": "1116536", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398192", "reference_id": "2398192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46370?format=api", "purl": "pkg:pypi/torch@2.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0" } ], "aliases": [ "CVE-2025-55552", "PYSEC-2025-204" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqpq-n5zb-2ydh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36918?format=api", "vulnerability_id": "VCID-pryj-149u-zqe7", "summary": "In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.", "references": [ { "reference_url": "https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/129228", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/129228" }, { "reference_url": "https://github.com/pytorch/pytorch/security/policy#using-distributed-features", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/pytorch/pytorch/security/policy#using-distributed-features" }, { "reference_url": "https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43772?format=api", "purl": "pkg:pypi/torch@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-7563-j935-rkh5" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" }, { "vulnerability": "VCID-z22a-fyhr-bbg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.5.0" } ], "aliases": [ "CVE-2024-48063", "PYSEC-2024-259" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pryj-149u-zqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37121?format=api", "vulnerability_id": "VCID-rr2u-g78b-yfev", "summary": "An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55551.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55551.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151401", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151401" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116537", "reference_id": "1116537", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398186", "reference_id": "2398186", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46370?format=api", "purl": "pkg:pypi/torch@2.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0" } ], "aliases": [ "CVE-2025-55551", "PYSEC-2025-203" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr2u-g78b-yfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37123?format=api", "vulnerability_id": "VCID-tw2j-udhp-nydv", "summary": "A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55553.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151432" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/154645", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/154645" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116535", "reference_id": "1116535", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398193", "reference_id": "2398193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398193" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55553", "PYSEC-2025-205" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tw2j-udhp-nydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37126?format=api", "vulnerability_id": "VCID-vy3e-sq4h-eybf", "summary": "A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55558.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55558.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151523", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151523" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/151887", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/151887" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116532", "reference_id": "1116532", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116532" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398201", "reference_id": "2398201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398201" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55558", "PYSEC-2025-208" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy3e-sq4h-eybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37125?format=api", "vulnerability_id": "VCID-x8ck-txve-s7gy", "summary": "A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55557.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55557.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151738", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151738" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/151931", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/151931" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116533", "reference_id": "1116533", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116533" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398190", "reference_id": "2398190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55557", "PYSEC-2025-207" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-txve-s7gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37116?format=api", "vulnerability_id": "VCID-z22a-fyhr-bbg4", "summary": "In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46148.json" }, { "reference_url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a" }, { "reference_url": "https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151198", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/issues/151198" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/152993", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/pull/152993" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543", "reference_id": "1116543", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398164", "reference_id": "2398164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" } ], "aliases": [ "CVE-2025-46148", "PYSEC-2025-198" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z22a-fyhr-bbg4" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.12.1" }