| purl | pkg:pypi/torch@1.7.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1fx4-95p5-6kgv Aliases: CVE-2022-45907 PYSEC-2022-43015 | In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | Affected by 13 other vulnerabilities. |
| VCID-3cvu-c3jj-yyhx Aliases: CVE-2025-55560 PYSEC-2025-209 | An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. | Affected by 3 other vulnerabilities. |
| VCID-57ph-1jp3-rff4 Aliases: CVE-2024-31584 PYSEC-2024-250 | Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. | Affected by 10 other vulnerabilities. |
| VCID-69gt-qhaf-63gv Aliases: CVE-2024-31583 GHSA-pg7h-5qx3-wjr3 PYSEC-2024-251 | Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | Affected by 10 other vulnerabilities. |
| VCID-7563-j935-rkh5 Aliases: CVE-2025-32434 GHSA-53q9-r3pm-6pq6 PYSEC-2025-41 | PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0. | Affected by 12 other vulnerabilities. |
| VCID-avxx-n31w-4fgu Aliases: CVE-2024-31580 GHSA-5pcm-hx3q-hm94 PYSEC-2024-252 | PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | Affected by 10 other vulnerabilities. |
| VCID-dm2h-xssw-xqhb Aliases: CVE-2025-55554 PYSEC-2025-206 | pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). | Affected by 0 other vulnerabilities. |
| VCID-jqpq-n5zb-2ydh Aliases: CVE-2025-55552 PYSEC-2025-204 | pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. | Affected by 0 other vulnerabilities. |
| VCID-pryj-149u-zqe7 Aliases: CVE-2024-48063 PYSEC-2024-259 | In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. | Affected by 9 other vulnerabilities. |
| VCID-rr2u-g78b-yfev Aliases: CVE-2025-55551 PYSEC-2025-203 | An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | Affected by 0 other vulnerabilities. |
| VCID-tw2j-udhp-nydv Aliases: CVE-2025-55553 PYSEC-2025-205 | A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). | Affected by 3 other vulnerabilities. |
| VCID-vy3e-sq4h-eybf Aliases: CVE-2025-55558 PYSEC-2025-208 | A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). | Affected by 3 other vulnerabilities. |
| VCID-x8ck-txve-s7gy Aliases: CVE-2025-55557 PYSEC-2025-207 | A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). | Affected by 3 other vulnerabilities. |
| VCID-z22a-fyhr-bbg4 Aliases: CVE-2025-46148 PYSEC-2025-198 | In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. | Affected by 7 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |