VulnerableCode Package Details - pkg:pypi/torch@2.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/torch@2.3.0

Essentials
History (10)

purl	pkg:pypi/torch@2.3.0

Next non-vulnerable version	2.9.0
Latest non-vulnerable version	2.9.0
Risk

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-3cvu-c3jj-yyhx Aliases: CVE-2025-55560 PYSEC-2025-209	An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7563-j935-rkh5 Aliases: CVE-2025-32434 GHSA-53q9-r3pm-6pq6 PYSEC-2025-41	PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.	2.6.0 Affected by 12 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dm2h-xssw-xqhb Aliases: CVE-2025-55554 PYSEC-2025-206	pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().	2.9.0 Affected by 0 other vulnerabilities.
VCID-jqpq-n5zb-2ydh Aliases: CVE-2025-55552 PYSEC-2025-204	pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.	2.9.0 Affected by 0 other vulnerabilities.
VCID-pryj-149u-zqe7 Aliases: CVE-2024-48063 PYSEC-2024-259	In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.	2.5.0 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rr2u-g78b-yfev Aliases: CVE-2025-55551 PYSEC-2025-203	An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.	2.9.0 Affected by 0 other vulnerabilities.
VCID-tw2j-udhp-nydv Aliases: CVE-2025-55553 PYSEC-2025-205	A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vy3e-sq4h-eybf Aliases: CVE-2025-55558 PYSEC-2025-208	A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x8ck-txve-s7gy Aliases: CVE-2025-55557 PYSEC-2025-207	A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-z22a-fyhr-bbg4 Aliases: CVE-2025-46148 PYSEC-2025-198	In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.	2.7.0 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:22.221139+00:00	Pypa Importer	Affected by	VCID-3cvu-c3jj-yyhx	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-209.yaml	38.6.0
2026-06-02T04:23:22.017991+00:00	Pypa Importer	Affected by	VCID-vy3e-sq4h-eybf	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-208.yaml	38.6.0
2026-06-02T04:23:21.822932+00:00	Pypa Importer	Affected by	VCID-x8ck-txve-s7gy	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-207.yaml	38.6.0
2026-06-02T04:23:21.623620+00:00	Pypa Importer	Affected by	VCID-dm2h-xssw-xqhb	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-206.yaml	38.6.0
2026-06-02T04:23:21.437153+00:00	Pypa Importer	Affected by	VCID-tw2j-udhp-nydv	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-205.yaml	38.6.0
2026-06-02T04:23:21.233800+00:00	Pypa Importer	Affected by	VCID-jqpq-n5zb-2ydh	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-204.yaml	38.6.0
2026-06-02T04:23:21.032341+00:00	Pypa Importer	Affected by	VCID-rr2u-g78b-yfev	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-203.yaml	38.6.0
2026-06-02T04:23:20.704399+00:00	Pypa Importer	Affected by	VCID-z22a-fyhr-bbg4	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-198.yaml	38.6.0
2026-06-02T04:22:59.108777+00:00	Pypa Importer	Affected by	VCID-7563-j935-rkh5	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-41.yaml	38.6.0
2026-06-02T04:22:27.778508+00:00	Pypa Importer	Affected by	VCID-pryj-149u-zqe7	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2024-259.yaml	38.6.0