| purl | pkg:pypi/mlx@0.29.4 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cb8d-gsaw-nuca | MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue has been patched in version 0.29.4. | CVE-2025-62608, GHSA-w6vg-jg77-2qg6, PYSEC-2025-138 |
| VCID-vs6q-sx1s-wbf6 | MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This issue has been patched in version 0.29.4. | CVE-2025-62609, GHSA-j842-xgm4-wf88, PYSEC-2025-139 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:48:32.316110+00:00 | GitLab Importer | Fixing | VCID-cb8d-gsaw-nuca | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mlx/CVE-2025-62608.yml | 38.6.0 |
| 2026-06-02T04:48:32.273682+00:00 | GitLab Importer | Fixing | VCID-vs6q-sx1s-wbf6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mlx/CVE-2025-62609.yml | 38.6.0 |
| 2026-06-02T04:23:26.881892+00:00 | Pypa Importer | Fixing | VCID-vs6q-sx1s-wbf6 | https://github.com/pypa/advisory-database/blob/main/vulns/mlx/PYSEC-2025-139.yaml | 38.6.0 |
| 2026-06-02T04:23:26.682306+00:00 | Pypa Importer | Fixing | VCID-cb8d-gsaw-nuca | https://github.com/pypa/advisory-database/blob/main/vulns/mlx/PYSEC-2025-138.yaml | 38.6.0 |