Package details: pkg:pypi/pytorch-lightning@1.3.8
purl: pkg:pypi/pytorch-lightning@1.3.8
Next non-vulnerable version: 2.4.0
Latest non-vulnerable version: 2.4.0
Risk: 4.5
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-3hhe-9pgj-ryfs (aliases: CVE-2024-8020, GHSA-98fp-7v67-4v3q) | PyTorch Lightning denial of service vulnerability. A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down. | 2.3.3 (affected by 1 other vulnerability) |
| VCID-d6fc-w1wu-ckc1 (aliases: CVE-2024-8019, GHSA-4cv3-v7pv-rfhf) | PyTorch Lightning path traversal vulnerability. In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations. | 2.4.0 (affected by 0 other vulnerabilities) |
| VCID-kpjs-y2wd-kfgf (aliases: CVE-2021-4118, GHSA-2vj5-px25-gjrp, PYSEC-2021-874) | pytorch-lightning is vulnerable to Deserialization of Untrusted Data | 1.6.0 (affected by 2 other vulnerabilities) |
| VCID-z7cb-qxfa-efa7 (aliases: CVE-2022-0845, GHSA-r5qj-cvf9-p85h, PYSEC-2022-181) | Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | 1.6.0 (affected by 2 other vulnerabilities) |
Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-06T05:43:07.733603+00:00 | GitLab Importer | Affected by | VCID-d6fc-w1wu-ckc1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pytorch-lightning/CVE-2024-8019.yml | 38.6.0 |
| 2026-06-06T05:42:47.237154+00:00 | GitLab Importer | Affected by | VCID-3hhe-9pgj-ryfs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pytorch-lightning/CVE-2024-8020.yml | 38.6.0 |
| 2026-06-06T01:33:51.635104+00:00 | GitLab Importer | Affected by | VCID-z7cb-qxfa-efa7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pytorch-lightning/CVE-2022-0845.yml | 38.6.0 |
| 2026-06-06T01:16:11.407035+00:00 | GitLab Importer | Affected by | VCID-kpjs-y2wd-kfgf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pytorch-lightning/CVE-2021-4118.yml | 38.6.0 |
| 2026-06-05T17:01:54.853422+00:00 | PyPI Importer | Affected by | VCID-z7cb-qxfa-efa7 | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-06-05T17:01:25.160166+00:00 | PyPI Importer | Affected by | VCID-kpjs-y2wd-kfgf | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-06-05T16:39:36.020698+00:00 | GHSA Importer | Affected by | VCID-z7cb-qxfa-efa7 | https://github.com/advisories/GHSA-r5qj-cvf9-p85h | 38.6.0 |
| 2026-06-05T16:37:13.340120+00:00 | GHSA Importer | Affected by | VCID-kpjs-y2wd-kfgf | https://github.com/advisories/GHSA-2vj5-px25-gjrp | 38.6.0 |
| 2026-06-02T04:17:06.590350+00:00 | Pypa Importer | Affected by | VCID-z7cb-qxfa-efa7 | https://github.com/pypa/advisory-database/blob/main/vulns/pytorch-lightning/PYSEC-2022-181.yaml | 38.6.0 |
| 2026-06-02T04:16:14.783624+00:00 | Pypa Importer | Affected by | VCID-kpjs-y2wd-kfgf | https://github.com/pypa/advisory-database/blob/main/vulns/pytorch-lightning/PYSEC-2021-874.yaml | 38.6.0 |