Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/paddlepaddle@2.4.0
Typepypi
Namespace
Namepaddlepaddle
Version2.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.6.1
Latest_non_vulnerable_version2.6.1
Affected_by_vulnerabilities
0
url VCID-17s7-wrdn-ebes
vulnerability_id VCID-17s7-wrdn-ebes
summary FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38675
reference_id CVE-2023-38675
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38675
5
reference_url https://github.com/advisories/GHSA-jm68-fpmr-8j2g
reference_id GHSA-jm68-fpmr-8j2g
reference_type
scores
url https://github.com/advisories/GHSA-jm68-fpmr-8j2g
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-38675, GHSA-jm68-fpmr-8j2g, PYSEC-2024-130
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17s7-wrdn-ebes
1
url VCID-35qf-2v8r-t3cf
vulnerability_id VCID-35qf-2v8r-t3cf
summary FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52308
reference_id CVE-2023-52308
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52308
5
reference_url https://github.com/advisories/GHSA-v9pg-qw6x-w5r2
reference_id GHSA-v9pg-qw6x-w5r2
reference_type
scores
url https://github.com/advisories/GHSA-v9pg-qw6x-w5r2
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52308, GHSA-v9pg-qw6x-w5r2, PYSEC-2024-140
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35qf-2v8r-t3cf
2
url VCID-45e3-a2hf-4bh9
vulnerability_id VCID-45e3-a2hf-4bh9
summary PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52310
reference_id CVE-2023-52310
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52310
5
reference_url https://github.com/advisories/GHSA-j5h9-9r39-43q5
reference_id GHSA-j5h9-9r39-43q5
reference_type
scores
url https://github.com/advisories/GHSA-j5h9-9r39-43q5
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52310, GHSA-j5h9-9r39-43q5, PYSEC-2024-142
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45e3-a2hf-4bh9
3
url VCID-49pw-ktz7-jfh4
vulnerability_id VCID-49pw-ktz7-jfh4
summary FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52305
reference_id CVE-2023-52305
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52305
5
reference_url https://github.com/advisories/GHSA-rx2r-q96c-w5cc
reference_id GHSA-rx2r-q96c-w5cc
reference_type
scores
url https://github.com/advisories/GHSA-rx2r-q96c-w5cc
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52305, GHSA-rx2r-q96c-w5cc, PYSEC-2024-137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49pw-ktz7-jfh4
4
url VCID-5s1z-ubhw-y7af
vulnerability_id VCID-5s1z-ubhw-y7af
summary Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
references
0
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38669
reference_id CVE-2023-38669
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38669
fixed_packages
0
url pkg:pypi/paddlepaddle@2.5.0
purl pkg:pypi/paddlepaddle@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17s7-wrdn-ebes
1
vulnerability VCID-35qf-2v8r-t3cf
2
vulnerability VCID-45e3-a2hf-4bh9
3
vulnerability VCID-49pw-ktz7-jfh4
4
vulnerability VCID-7dca-ch9k-jkb6
5
vulnerability VCID-9cbs-47dq-rfca
6
vulnerability VCID-akmg-8bh1-xufv
7
vulnerability VCID-cuna-r55b-rqf3
8
vulnerability VCID-fbr1-2g6w-tqaa
9
vulnerability VCID-fd4j-1rre-5ua9
10
vulnerability VCID-h7rz-ms5h-huen
11
vulnerability VCID-ndbe-sr54-f3ha
12
vulnerability VCID-nehj-8bwx-qyce
13
vulnerability VCID-pt8v-dqvj-yue7
14
vulnerability VCID-pyt1-w4bk-x7cb
15
vulnerability VCID-s51x-rhes-73h1
16
vulnerability VCID-sshq-1n66-uugm
17
vulnerability VCID-z3ar-bcd5-gya8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0
aliases CVE-2023-38669, PYSEC-2023-122
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5s1z-ubhw-y7af
5
url VCID-7dca-ch9k-jkb6
vulnerability_id VCID-7dca-ch9k-jkb6
summary FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52306
reference_id CVE-2023-52306
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52306
5
reference_url https://github.com/advisories/GHSA-rg9q-m8hv-xxr6
reference_id GHSA-rg9q-m8hv-xxr6
reference_type
scores
url https://github.com/advisories/GHSA-rg9q-m8hv-xxr6
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52306, GHSA-rg9q-m8hv-xxr6, PYSEC-2024-138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dca-ch9k-jkb6
6
url VCID-9cbs-47dq-rfca
vulnerability_id VCID-9cbs-47dq-rfca
summary PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52314
reference_id CVE-2023-52314
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52314
5
reference_url https://github.com/advisories/GHSA-3cr5-2446-8pg3
reference_id GHSA-3cr5-2446-8pg3
reference_type
scores
url https://github.com/advisories/GHSA-3cr5-2446-8pg3
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52314, GHSA-3cr5-2446-8pg3, PYSEC-2024-146
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cbs-47dq-rfca
7
url VCID-akmg-8bh1-xufv
vulnerability_id VCID-akmg-8bh1-xufv
summary OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38678
reference_id CVE-2023-38678
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38678
5
reference_url https://github.com/advisories/GHSA-mr78-v55p-7777
reference_id GHSA-mr78-v55p-7777
reference_type
scores
url https://github.com/advisories/GHSA-mr78-v55p-7777
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-38678, GHSA-mr78-v55p-7777, PYSEC-2024-133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akmg-8bh1-xufv
8
url VCID-cuna-r55b-rqf3
vulnerability_id VCID-cuna-r55b-rqf3
summary Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38676
reference_id CVE-2023-38676
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38676
5
reference_url https://github.com/advisories/GHSA-x3q9-c788-j7c8
reference_id GHSA-x3q9-c788-j7c8
reference_type
scores
url https://github.com/advisories/GHSA-x3q9-c788-j7c8
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-38676, GHSA-x3q9-c788-j7c8, PYSEC-2024-131
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuna-r55b-rqf3
9
url VCID-fbr1-2g6w-tqaa
vulnerability_id VCID-fbr1-2g6w-tqaa
summary Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52303
reference_id CVE-2023-52303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52303
5
reference_url https://github.com/advisories/GHSA-2wcj-qr76-9768
reference_id GHSA-2wcj-qr76-9768
reference_type
scores
url https://github.com/advisories/GHSA-2wcj-qr76-9768
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52303, GHSA-2wcj-qr76-9768, PYSEC-2024-135
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbr1-2g6w-tqaa
10
url VCID-fd4j-1rre-5ua9
vulnerability_id VCID-fd4j-1rre-5ua9
summary FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38677
reference_id CVE-2023-38677
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38677
5
reference_url https://github.com/advisories/GHSA-c6ph-m8cw-rfqh
reference_id GHSA-c6ph-m8cw-rfqh
reference_type
scores
url https://github.com/advisories/GHSA-c6ph-m8cw-rfqh
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-38677, GHSA-c6ph-m8cw-rfqh, PYSEC-2024-132
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fd4j-1rre-5ua9
11
url VCID-h7rz-ms5h-huen
vulnerability_id VCID-h7rz-ms5h-huen
summary Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52304
reference_id CVE-2023-52304
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52304
5
reference_url https://github.com/advisories/GHSA-4rrv-8gcp-24v8
reference_id GHSA-4rrv-8gcp-24v8
reference_type
scores
url https://github.com/advisories/GHSA-4rrv-8gcp-24v8
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52304, GHSA-4rrv-8gcp-24v8, PYSEC-2024-136
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7rz-ms5h-huen
12
url VCID-kcxs-f62a-8fbb
vulnerability_id VCID-kcxs-f62a-8fbb
summary PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
references
0
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38673
reference_id CVE-2023-38673
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38673
fixed_packages
0
url pkg:pypi/paddlepaddle@2.5.0
purl pkg:pypi/paddlepaddle@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17s7-wrdn-ebes
1
vulnerability VCID-35qf-2v8r-t3cf
2
vulnerability VCID-45e3-a2hf-4bh9
3
vulnerability VCID-49pw-ktz7-jfh4
4
vulnerability VCID-7dca-ch9k-jkb6
5
vulnerability VCID-9cbs-47dq-rfca
6
vulnerability VCID-akmg-8bh1-xufv
7
vulnerability VCID-cuna-r55b-rqf3
8
vulnerability VCID-fbr1-2g6w-tqaa
9
vulnerability VCID-fd4j-1rre-5ua9
10
vulnerability VCID-h7rz-ms5h-huen
11
vulnerability VCID-ndbe-sr54-f3ha
12
vulnerability VCID-nehj-8bwx-qyce
13
vulnerability VCID-pt8v-dqvj-yue7
14
vulnerability VCID-pyt1-w4bk-x7cb
15
vulnerability VCID-s51x-rhes-73h1
16
vulnerability VCID-sshq-1n66-uugm
17
vulnerability VCID-z3ar-bcd5-gya8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0
aliases CVE-2023-38673, PYSEC-2023-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcxs-f62a-8fbb
13
url VCID-ndbe-sr54-f3ha
vulnerability_id VCID-ndbe-sr54-f3ha
summary Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52309
reference_id CVE-2023-52309
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52309
5
reference_url https://github.com/advisories/GHSA-8fp7-jwv2-49x9
reference_id GHSA-8fp7-jwv2-49x9
reference_type
scores
url https://github.com/advisories/GHSA-8fp7-jwv2-49x9
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52309, GHSA-8fp7-jwv2-49x9, PYSEC-2024-141
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndbe-sr54-f3ha
14
url VCID-nehj-8bwx-qyce
vulnerability_id VCID-nehj-8bwx-qyce
summary FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38674
reference_id CVE-2023-38674
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38674
5
reference_url https://github.com/advisories/GHSA-xjpw-hx47-rccv
reference_id GHSA-xjpw-hx47-rccv
reference_type
scores
url https://github.com/advisories/GHSA-xjpw-hx47-rccv
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-38674, GHSA-xjpw-hx47-rccv, PYSEC-2024-129
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nehj-8bwx-qyce
15
url VCID-nvts-nkrt-7ybs
vulnerability_id VCID-nvts-nkrt-7ybs
summary Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
references
0
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38671
reference_id CVE-2023-38671
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38671
fixed_packages
0
url pkg:pypi/paddlepaddle@2.5.0
purl pkg:pypi/paddlepaddle@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17s7-wrdn-ebes
1
vulnerability VCID-35qf-2v8r-t3cf
2
vulnerability VCID-45e3-a2hf-4bh9
3
vulnerability VCID-49pw-ktz7-jfh4
4
vulnerability VCID-7dca-ch9k-jkb6
5
vulnerability VCID-9cbs-47dq-rfca
6
vulnerability VCID-akmg-8bh1-xufv
7
vulnerability VCID-cuna-r55b-rqf3
8
vulnerability VCID-fbr1-2g6w-tqaa
9
vulnerability VCID-fd4j-1rre-5ua9
10
vulnerability VCID-h7rz-ms5h-huen
11
vulnerability VCID-ndbe-sr54-f3ha
12
vulnerability VCID-nehj-8bwx-qyce
13
vulnerability VCID-pt8v-dqvj-yue7
14
vulnerability VCID-pyt1-w4bk-x7cb
15
vulnerability VCID-s51x-rhes-73h1
16
vulnerability VCID-sshq-1n66-uugm
17
vulnerability VCID-z3ar-bcd5-gya8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0
aliases CVE-2023-38671, PYSEC-2023-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvts-nkrt-7ybs
16
url VCID-pt8v-dqvj-yue7
vulnerability_id VCID-pt8v-dqvj-yue7
summary Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52302
reference_id CVE-2023-52302
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52302
5
reference_url https://github.com/advisories/GHSA-547m-23x7-cxg5
reference_id GHSA-547m-23x7-cxg5
reference_type
scores
url https://github.com/advisories/GHSA-547m-23x7-cxg5
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52302, GHSA-547m-23x7-cxg5, PYSEC-2024-134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pt8v-dqvj-yue7
17
url VCID-pyt1-w4bk-x7cb
vulnerability_id VCID-pyt1-w4bk-x7cb
summary PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52311
reference_id CVE-2023-52311
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52311
5
reference_url https://github.com/advisories/GHSA-rf7p-79xq-8xwm
reference_id GHSA-rf7p-79xq-8xwm
reference_type
scores
url https://github.com/advisories/GHSA-rf7p-79xq-8xwm
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52311, GHSA-rf7p-79xq-8xwm, PYSEC-2024-143
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pyt1-w4bk-x7cb
18
url VCID-s51x-rhes-73h1
vulnerability_id VCID-s51x-rhes-73h1
summary Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52312
reference_id CVE-2023-52312
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52312
5
reference_url https://github.com/advisories/GHSA-qppw-c37g-xwcc
reference_id GHSA-qppw-c37g-xwcc
reference_type
scores
url https://github.com/advisories/GHSA-qppw-c37g-xwcc
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
1
url pkg:pypi/paddlepaddle@2.6.1
purl pkg:pypi/paddlepaddle@2.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.1
aliases CVE-2023-52312, GHSA-qppw-c37g-xwcc, PYSEC-2024-144
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s51x-rhes-73h1
19
url VCID-sshq-1n66-uugm
vulnerability_id VCID-sshq-1n66-uugm
summary Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52307
reference_id CVE-2023-52307
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52307
5
reference_url https://github.com/advisories/GHSA-g57v-2687-jx33
reference_id GHSA-g57v-2687-jx33
reference_type
scores
url https://github.com/advisories/GHSA-g57v-2687-jx33
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52307, GHSA-g57v-2687-jx33, PYSEC-2024-139
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sshq-1n66-uugm
20
url VCID-swfm-bfvg-quft
vulnerability_id VCID-swfm-bfvg-quft
summary Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38670
reference_id CVE-2023-38670
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38670
fixed_packages
0
url pkg:pypi/paddlepaddle@2.5.0
purl pkg:pypi/paddlepaddle@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17s7-wrdn-ebes
1
vulnerability VCID-35qf-2v8r-t3cf
2
vulnerability VCID-45e3-a2hf-4bh9
3
vulnerability VCID-49pw-ktz7-jfh4
4
vulnerability VCID-7dca-ch9k-jkb6
5
vulnerability VCID-9cbs-47dq-rfca
6
vulnerability VCID-akmg-8bh1-xufv
7
vulnerability VCID-cuna-r55b-rqf3
8
vulnerability VCID-fbr1-2g6w-tqaa
9
vulnerability VCID-fd4j-1rre-5ua9
10
vulnerability VCID-h7rz-ms5h-huen
11
vulnerability VCID-ndbe-sr54-f3ha
12
vulnerability VCID-nehj-8bwx-qyce
13
vulnerability VCID-pt8v-dqvj-yue7
14
vulnerability VCID-pyt1-w4bk-x7cb
15
vulnerability VCID-s51x-rhes-73h1
16
vulnerability VCID-sshq-1n66-uugm
17
vulnerability VCID-z3ar-bcd5-gya8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0
aliases CVE-2023-38670, PYSEC-2023-123
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swfm-bfvg-quft
21
url VCID-vwp3-2fev-3qaz
vulnerability_id VCID-vwp3-2fev-3qaz
summary FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38672
reference_id CVE-2023-38672
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38672
fixed_packages
0
url pkg:pypi/paddlepaddle@2.5.0
purl pkg:pypi/paddlepaddle@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17s7-wrdn-ebes
1
vulnerability VCID-35qf-2v8r-t3cf
2
vulnerability VCID-45e3-a2hf-4bh9
3
vulnerability VCID-49pw-ktz7-jfh4
4
vulnerability VCID-7dca-ch9k-jkb6
5
vulnerability VCID-9cbs-47dq-rfca
6
vulnerability VCID-akmg-8bh1-xufv
7
vulnerability VCID-cuna-r55b-rqf3
8
vulnerability VCID-fbr1-2g6w-tqaa
9
vulnerability VCID-fd4j-1rre-5ua9
10
vulnerability VCID-h7rz-ms5h-huen
11
vulnerability VCID-ndbe-sr54-f3ha
12
vulnerability VCID-nehj-8bwx-qyce
13
vulnerability VCID-pt8v-dqvj-yue7
14
vulnerability VCID-pyt1-w4bk-x7cb
15
vulnerability VCID-s51x-rhes-73h1
16
vulnerability VCID-sshq-1n66-uugm
17
vulnerability VCID-z3ar-bcd5-gya8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0
aliases CVE-2023-38672, PYSEC-2023-125
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwp3-2fev-3qaz
22
url VCID-z3ar-bcd5-gya8
vulnerability_id VCID-z3ar-bcd5-gya8
summary FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
references
0
reference_url https://github.com/PaddlePaddle/Paddle
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle
1
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md
2
reference_url https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f
reference_id
reference_type
scores
url https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52313
reference_id CVE-2023-52313
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-52313
5
reference_url https://github.com/advisories/GHSA-275c-w5mq-v5m2
reference_id GHSA-275c-w5mq-v5m2
reference_type
scores
url https://github.com/advisories/GHSA-275c-w5mq-v5m2
fixed_packages
0
url pkg:pypi/paddlepaddle@2.6.0
purl pkg:pypi/paddlepaddle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17nd-k3cn-4bb4
1
vulnerability VCID-fsej-h74n-6ffs
2
vulnerability VCID-fzzq-2t1q-p7fa
3
vulnerability VCID-mpck-qgnf-vfg5
4
vulnerability VCID-s51x-rhes-73h1
5
vulnerability VCID-wqhd-4yv8-37ea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0
aliases CVE-2023-52313, GHSA-275c-w5mq-v5m2, PYSEC-2024-145
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ar-bcd5-gya8
Fixing_vulnerabilities
0
url VCID-p4dk-geq7-j3b7
vulnerability_id VCID-p4dk-geq7-j3b7
summary Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
references
0
reference_url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md
fixed_packages
0
url pkg:pypi/paddlepaddle@2.4.0
purl pkg:pypi/paddlepaddle@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17s7-wrdn-ebes
1
vulnerability VCID-35qf-2v8r-t3cf
2
vulnerability VCID-45e3-a2hf-4bh9
3
vulnerability VCID-49pw-ktz7-jfh4
4
vulnerability VCID-5s1z-ubhw-y7af
5
vulnerability VCID-7dca-ch9k-jkb6
6
vulnerability VCID-9cbs-47dq-rfca
7
vulnerability VCID-akmg-8bh1-xufv
8
vulnerability VCID-cuna-r55b-rqf3
9
vulnerability VCID-fbr1-2g6w-tqaa
10
vulnerability VCID-fd4j-1rre-5ua9
11
vulnerability VCID-h7rz-ms5h-huen
12
vulnerability VCID-kcxs-f62a-8fbb
13
vulnerability VCID-ndbe-sr54-f3ha
14
vulnerability VCID-nehj-8bwx-qyce
15
vulnerability VCID-nvts-nkrt-7ybs
16
vulnerability VCID-pt8v-dqvj-yue7
17
vulnerability VCID-pyt1-w4bk-x7cb
18
vulnerability VCID-s51x-rhes-73h1
19
vulnerability VCID-sshq-1n66-uugm
20
vulnerability VCID-swfm-bfvg-quft
21
vulnerability VCID-vwp3-2fev-3qaz
22
vulnerability VCID-z3ar-bcd5-gya8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.4.0
aliases CVE-2022-46742, PYSEC-2022-43063
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4dk-geq7-j3b7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.4.0