Search for packages
| purl | pkg:pypi/mlx@0.25.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cb8d-gsaw-nuca
Aliases: CVE-2025-62608 GHSA-w6vg-jg77-2qg6 PYSEC-2025-138 |
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue has been patched in version 0.29.4. |
Affected by 0 other vulnerabilities. |
|
VCID-vs6q-sx1s-wbf6
Aliases: CVE-2025-62609 GHSA-j842-xgm4-wf88 PYSEC-2025-139 |
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This issue has been patched in version 0.29.4. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:23:26.841486+00:00 | Pypa Importer | Affected by | VCID-vs6q-sx1s-wbf6 | https://github.com/pypa/advisory-database/blob/main/vulns/mlx/PYSEC-2025-139.yaml | 38.6.0 |
| 2026-06-02T04:23:26.628196+00:00 | Pypa Importer | Affected by | VCID-cb8d-gsaw-nuca | https://github.com/pypa/advisory-database/blob/main/vulns/mlx/PYSEC-2025-138.yaml | 38.6.0 |