Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/torch@2.6.0
purl pkg:pypi/torch@2.6.0
Next non-vulnerable version 2.9.0
Latest non-vulnerable version 2.9.0
Risk
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-3cvu-c3jj-yyhx
Aliases:
CVE-2025-55560
PYSEC-2025-209
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
2.7.1
Affected by 3 other vulnerabilities.
VCID-8u6v-jzkr-nkb4
Aliases:
CVE-2025-46152
PYSEC-2025-201
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
2.7.0
Affected by 7 other vulnerabilities.
VCID-dm2h-xssw-xqhb
Aliases:
CVE-2025-55554
PYSEC-2025-206
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
2.9.0
Affected by 0 other vulnerabilities.
VCID-fzd6-jxxp-h7c8
Aliases:
CVE-2025-46153
PYSEC-2025-202
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
2.7.0
Affected by 7 other vulnerabilities.
VCID-jqpq-n5zb-2ydh
Aliases:
CVE-2025-55552
PYSEC-2025-204
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
2.9.0
Affected by 0 other vulnerabilities.
VCID-rr2u-g78b-yfev
Aliases:
CVE-2025-55551
PYSEC-2025-203
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
2.9.0
Affected by 0 other vulnerabilities.
VCID-tw2j-udhp-nydv
Aliases:
CVE-2025-55553
PYSEC-2025-205
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
2.7.1
Affected by 3 other vulnerabilities.
VCID-vy3e-sq4h-eybf
Aliases:
CVE-2025-55558
PYSEC-2025-208
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
2.7.1
Affected by 3 other vulnerabilities.
VCID-w8cd-83qu-uygf
Aliases:
CVE-2025-46150
PYSEC-2025-200
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
2.7.0
Affected by 7 other vulnerabilities.
VCID-x8ck-txve-s7gy
Aliases:
CVE-2025-55557
PYSEC-2025-207
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
2.7.1
Affected by 3 other vulnerabilities.
VCID-xgau-bn5a-t3cg
Aliases:
CVE-2025-46149
PYSEC-2025-199
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
2.7.0
Affected by 7 other vulnerabilities.
VCID-z22a-fyhr-bbg4
Aliases:
CVE-2025-46148
PYSEC-2025-198
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
2.7.0
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-7563-j935-rkh5 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0. CVE-2025-32434
GHSA-53q9-r3pm-6pq6
PYSEC-2025-41

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:23:22.244068+00:00 Pypa Importer Affected by VCID-3cvu-c3jj-yyhx https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-209.yaml 38.6.0
2026-06-02T04:23:22.041285+00:00 Pypa Importer Affected by VCID-vy3e-sq4h-eybf https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-208.yaml 38.6.0
2026-06-02T04:23:21.845696+00:00 Pypa Importer Affected by VCID-x8ck-txve-s7gy https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-207.yaml 38.6.0
2026-06-02T04:23:21.646388+00:00 Pypa Importer Affected by VCID-dm2h-xssw-xqhb https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-206.yaml 38.6.0
2026-06-02T04:23:21.460608+00:00 Pypa Importer Affected by VCID-tw2j-udhp-nydv https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-205.yaml 38.6.0
2026-06-02T04:23:21.255966+00:00 Pypa Importer Affected by VCID-jqpq-n5zb-2ydh https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-204.yaml 38.6.0
2026-06-02T04:23:21.055483+00:00 Pypa Importer Affected by VCID-rr2u-g78b-yfev https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-203.yaml 38.6.0
2026-06-02T04:23:20.875122+00:00 Pypa Importer Affected by VCID-fzd6-jxxp-h7c8 https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-202.yaml 38.6.0
2026-06-02T04:23:20.832192+00:00 Pypa Importer Affected by VCID-8u6v-jzkr-nkb4 https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-201.yaml 38.6.0
2026-06-02T04:23:20.799827+00:00 Pypa Importer Affected by VCID-w8cd-83qu-uygf https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-200.yaml 38.6.0
2026-06-02T04:23:20.762199+00:00 Pypa Importer Affected by VCID-xgau-bn5a-t3cg https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-199.yaml 38.6.0
2026-06-02T04:23:20.726876+00:00 Pypa Importer Affected by VCID-z22a-fyhr-bbg4 https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-198.yaml 38.6.0
2026-06-02T04:22:59.132535+00:00 Pypa Importer Fixing VCID-7563-j935-rkh5 https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-41.yaml 38.6.0