Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/46367?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "type": "pypi", "namespace": "", "name": "torch", "version": "2.7.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.9.0", "latest_non_vulnerable_version": "2.9.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37127?format=api", "vulnerability_id": "VCID-3cvu-c3jj-yyhx", "summary": "An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151522", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151522" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/151897", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/151897" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55560", "PYSEC-2025-209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cvu-c3jj-yyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37124?format=api", "vulnerability_id": "VCID-dm2h-xssw-xqhb", "summary": "pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151510", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://github.com/pytorch/pytorch/issues/151510" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46370?format=api", "purl": "pkg:pypi/torch@2.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0" } ], "aliases": [ "CVE-2025-55554", "PYSEC-2025-206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2h-xssw-xqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37122?format=api", "vulnerability_id": "VCID-jqpq-n5zb-2ydh", "summary": "pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/147847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/147847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46370?format=api", "purl": "pkg:pypi/torch@2.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0" } ], "aliases": [ "CVE-2025-55552", "PYSEC-2025-204" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqpq-n5zb-2ydh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37121?format=api", "vulnerability_id": "VCID-rr2u-g78b-yfev", "summary": "An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151401", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46370?format=api", "purl": "pkg:pypi/torch@2.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0" } ], "aliases": [ "CVE-2025-55551", "PYSEC-2025-203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr2u-g78b-yfev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37123?format=api", "vulnerability_id": "VCID-tw2j-udhp-nydv", "summary": "A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151432" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/154645", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/154645" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55553", "PYSEC-2025-205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tw2j-udhp-nydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37126?format=api", "vulnerability_id": "VCID-vy3e-sq4h-eybf", "summary": "A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151523", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151523" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/151887", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/151887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55558", "PYSEC-2025-208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy3e-sq4h-eybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37125?format=api", "vulnerability_id": "VCID-x8ck-txve-s7gy", "summary": "A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151738", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/issues/151738" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/151931", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/pytorch/pytorch/pull/151931" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46368?format=api", "purl": "pkg:pypi/torch@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1" } ], "aliases": [ "CVE-2025-55557", "PYSEC-2025-207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-txve-s7gy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37119?format=api", "vulnerability_id": "VCID-8u6v-jzkr-nkb4", "summary": "In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the \"other\" argument.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/143555", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://github.com/pytorch/pytorch/issues/143555" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/143635", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://github.com/pytorch/pytorch/pull/143635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" } ], "aliases": [ "CVE-2025-46152", "PYSEC-2025-201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u6v-jzkr-nkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37120?format=api", "vulnerability_id": "VCID-fzd6-jxxp-h7c8", "summary": "PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a" }, { "reference_url": "https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a" }, { "reference_url": "https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/142853", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/issues/142853" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/143460", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/pull/143460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" } ], "aliases": [ "CVE-2025-46153", "PYSEC-2025-202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzd6-jxxp-h7c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37118?format=api", "vulnerability_id": "VCID-w8cd-83qu-uygf", "summary": "In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/141538", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/issues/141538" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/144395", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/pull/144395" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" } ], "aliases": [ "CVE-2025-46150", "PYSEC-2025-200" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8cd-83qu-uygf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37117?format=api", "vulnerability_id": "VCID-xgau-bn5a-t3cg", "summary": "In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/147848", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/issues/147848" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/147961", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/pull/147961" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" } ], "aliases": [ "CVE-2025-46149", "PYSEC-2025-199" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgau-bn5a-t3cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37116?format=api", "vulnerability_id": "VCID-z22a-fyhr-bbg4", "summary": "In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.", "references": [ { "reference_url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a" }, { "reference_url": "https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093" }, { "reference_url": "https://github.com/pytorch/pytorch/issues/151198", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/issues/151198" }, { "reference_url": "https://github.com/pytorch/pytorch/pull/152993", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/pytorch/pytorch/pull/152993" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46367?format=api", "purl": "pkg:pypi/torch@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cvu-c3jj-yyhx" }, { "vulnerability": "VCID-dm2h-xssw-xqhb" }, { "vulnerability": "VCID-jqpq-n5zb-2ydh" }, { "vulnerability": "VCID-rr2u-g78b-yfev" }, { "vulnerability": "VCID-tw2j-udhp-nydv" }, { "vulnerability": "VCID-vy3e-sq4h-eybf" }, { "vulnerability": "VCID-x8ck-txve-s7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" } ], "aliases": [ "CVE-2025-46148", "PYSEC-2025-198" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z22a-fyhr-bbg4" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0" }