VulnerableCode Package Details - pkg:pypi/torch@2.7.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3cvu-c3jj-yyhx Aliases: CVE-2025-55560 PYSEC-2025-209	An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dm2h-xssw-xqhb Aliases: CVE-2025-55554 PYSEC-2025-206	pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().	2.9.0 Affected by 0 other vulnerabilities.
VCID-jqpq-n5zb-2ydh Aliases: CVE-2025-55552 PYSEC-2025-204	pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.	2.9.0 Affected by 0 other vulnerabilities.
VCID-rr2u-g78b-yfev Aliases: CVE-2025-55551 PYSEC-2025-203	An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.	2.9.0 Affected by 0 other vulnerabilities.
VCID-tw2j-udhp-nydv Aliases: CVE-2025-55553 PYSEC-2025-205	A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vy3e-sq4h-eybf Aliases: CVE-2025-55558 PYSEC-2025-208	A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x8ck-txve-s7gy Aliases: CVE-2025-55557 PYSEC-2025-207	A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).	2.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3cvu-c3jj-yyhx
Aliases:
CVE-2025-55560
PYSEC-2025-209

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

2.7.1
Affected by 3 other vulnerabilities.

VCID-dm2h-xssw-xqhb
Aliases:
CVE-2025-55554
PYSEC-2025-206

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

2.9.0
Affected by 0 other vulnerabilities.

VCID-jqpq-n5zb-2ydh
Aliases:
CVE-2025-55552
PYSEC-2025-204

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

2.9.0
Affected by 0 other vulnerabilities.

VCID-rr2u-g78b-yfev
Aliases:
CVE-2025-55551
PYSEC-2025-203

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

2.9.0
Affected by 0 other vulnerabilities.

VCID-tw2j-udhp-nydv
Aliases:
CVE-2025-55553
PYSEC-2025-205

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

2.7.1
Affected by 3 other vulnerabilities.

VCID-vy3e-sq4h-eybf
Aliases:
CVE-2025-55558
PYSEC-2025-208

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

2.7.1
Affected by 3 other vulnerabilities.

VCID-x8ck-txve-s7gy
Aliases:
CVE-2025-55557
PYSEC-2025-207

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

2.7.1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8u6v-jzkr-nkb4	In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.	CVE-2025-46152 PYSEC-2025-201
VCID-fzd6-jxxp-h7c8	PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.	CVE-2025-46153 PYSEC-2025-202
VCID-w8cd-83qu-uygf	In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.	CVE-2025-46150 PYSEC-2025-200
VCID-xgau-bn5a-t3cg	In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.	CVE-2025-46149 PYSEC-2025-199
VCID-z22a-fyhr-bbg4	In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.	CVE-2025-46148 PYSEC-2025-198

Vulnerability

Summary

Aliases

VCID-8u6v-jzkr-nkb4

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

CVE-2025-46152
PYSEC-2025-201

VCID-fzd6-jxxp-h7c8

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

CVE-2025-46153
PYSEC-2025-202

VCID-w8cd-83qu-uygf

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

CVE-2025-46150
PYSEC-2025-200

VCID-xgau-bn5a-t3cg

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

CVE-2025-46149
PYSEC-2025-199

VCID-z22a-fyhr-bbg4

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

CVE-2025-46148
PYSEC-2025-198

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:22.247951+00:00	Pypa Importer	Affected by	VCID-3cvu-c3jj-yyhx	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-209.yaml	38.6.0
2026-06-02T04:23:22.045207+00:00	Pypa Importer	Affected by	VCID-vy3e-sq4h-eybf	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-208.yaml	38.6.0
2026-06-02T04:23:21.849445+00:00	Pypa Importer	Affected by	VCID-x8ck-txve-s7gy	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-207.yaml	38.6.0
2026-06-02T04:23:21.650327+00:00	Pypa Importer	Affected by	VCID-dm2h-xssw-xqhb	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-206.yaml	38.6.0
2026-06-02T04:23:21.464244+00:00	Pypa Importer	Affected by	VCID-tw2j-udhp-nydv	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-205.yaml	38.6.0
2026-06-02T04:23:21.259615+00:00	Pypa Importer	Affected by	VCID-jqpq-n5zb-2ydh	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-204.yaml	38.6.0
2026-06-02T04:23:21.059358+00:00	Pypa Importer	Affected by	VCID-rr2u-g78b-yfev	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-203.yaml	38.6.0
2026-06-02T04:23:20.879005+00:00	Pypa Importer	Fixing	VCID-fzd6-jxxp-h7c8	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-202.yaml	38.6.0
2026-06-02T04:23:20.835897+00:00	Pypa Importer	Fixing	VCID-8u6v-jzkr-nkb4	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-201.yaml	38.6.0
2026-06-02T04:23:20.803656+00:00	Pypa Importer	Fixing	VCID-w8cd-83qu-uygf	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-200.yaml	38.6.0
2026-06-02T04:23:20.766019+00:00	Pypa Importer	Fixing	VCID-xgau-bn5a-t3cg	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-199.yaml	38.6.0
2026-06-02T04:23:20.731703+00:00	Pypa Importer	Fixing	VCID-z22a-fyhr-bbg4	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-198.yaml	38.6.0