{"url":"http://public2.vulnerablecode.io/api/packages/29932?format=json","purl":"pkg:pypi/torch@1.9.1","type":"pypi","namespace":"","name":"torch","version":"1.9.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.9.0","latest_non_vulnerable_version":"2.9.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36319?format=json","vulnerability_id":"VCID-1fx4-95p5-6kgv","summary":"In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.","references":[{"reference_url":"https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3"},{"reference_url":"https://github.com/pytorch/pytorch/issues/88868","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/issues/88868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29940?format=json","purl":"pkg:pypi/torch@1.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-57ph-1jp3-rff4"},{"vulnerability":"VCID-69gt-qhaf-63gv"},{"vulnerability":"VCID-7563-j935-rkh5"},{"vulnerability":"VCID-avxx-n31w-4fgu"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-pryj-149u-zqe7"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-x8ck-txve-s7gy"},{"vulnerability":"VCID-z22a-fyhr-bbg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.13.1"}],"aliases":["CVE-2022-45907","PYSEC-2022-43015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fx4-95p5-6kgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37127?format=json","vulnerability_id":"VCID-3cvu-c3jj-yyhx","summary":"An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/151522"},{"reference_url":"https://github.com/pytorch/pytorch/pull/151897","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/pull/151897"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46368?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["CVE-2025-55560","PYSEC-2025-209"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cvu-c3jj-yyhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36767?format=json","vulnerability_id":"VCID-57ph-1jp3-rff4","summary":"Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.","references":[{"reference_url":"https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305"},{"reference_url":"https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40905?format=json","purl":"pkg:pypi/torch@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-7563-j935-rkh5"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-pryj-149u-zqe7"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-x8ck-txve-s7gy"},{"vulnerability":"VCID-z22a-fyhr-bbg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0"}],"aliases":["CVE-2024-31584","PYSEC-2024-250"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57ph-1jp3-rff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36764?format=json","vulnerability_id":"VCID-69gt-qhaf-63gv","summary":"Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.","references":[{"reference_url":"https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml"},{"reference_url":"https://github.com/pytorch/pytorch","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch"},{"reference_url":"https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132"},{"reference_url":"https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806","reference_id":"","reference_type":"","scores":[],"url":"https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31583","reference_id":"CVE-2024-31583","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31583"},{"reference_url":"https://github.com/advisories/GHSA-pg7h-5qx3-wjr3","reference_id":"GHSA-pg7h-5qx3-wjr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pg7h-5qx3-wjr3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40905?format=json","purl":"pkg:pypi/torch@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-7563-j935-rkh5"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-pryj-149u-zqe7"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-x8ck-txve-s7gy"},{"vulnerability":"VCID-z22a-fyhr-bbg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0"}],"aliases":["CVE-2024-31583","GHSA-pg7h-5qx3-wjr3","PYSEC-2024-251"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69gt-qhaf-63gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37048?format=json","vulnerability_id":"VCID-7563-j935-rkh5","summary":"PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.","references":[{"reference_url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45018?format=json","purl":"pkg:pypi/torch@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-8u6v-jzkr-nkb4"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-fzd6-jxxp-h7c8"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-w8cd-83qu-uygf"},{"vulnerability":"VCID-x8ck-txve-s7gy"},{"vulnerability":"VCID-xgau-bn5a-t3cg"},{"vulnerability":"VCID-z22a-fyhr-bbg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.6.0"}],"aliases":["CVE-2025-32434","GHSA-53q9-r3pm-6pq6","PYSEC-2025-41"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7563-j935-rkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36765?format=json","vulnerability_id":"VCID-avxx-n31w-4fgu","summary":"PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","references":[{"reference_url":"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml"},{"reference_url":"https://github.com/pytorch/pytorch","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch"},{"reference_url":"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934","reference_id":"","reference_type":"","scores":[],"url":"https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31580","reference_id":"CVE-2024-31580","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31580"},{"reference_url":"https://github.com/advisories/GHSA-5pcm-hx3q-hm94","reference_id":"GHSA-5pcm-hx3q-hm94","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5pcm-hx3q-hm94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40905?format=json","purl":"pkg:pypi/torch@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-7563-j935-rkh5"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-pryj-149u-zqe7"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-x8ck-txve-s7gy"},{"vulnerability":"VCID-z22a-fyhr-bbg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0"}],"aliases":["CVE-2024-31580","GHSA-5pcm-hx3q-hm94","PYSEC-2024-252"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avxx-n31w-4fgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37124?format=json","vulnerability_id":"VCID-dm2h-xssw-xqhb","summary":"pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151510","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://github.com/pytorch/pytorch/issues/151510"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46370?format=json","purl":"pkg:pypi/torch@2.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0"}],"aliases":["CVE-2025-55554","PYSEC-2025-206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2h-xssw-xqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37122?format=json","vulnerability_id":"VCID-jqpq-n5zb-2ydh","summary":"pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/147847","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/147847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46370?format=json","purl":"pkg:pypi/torch@2.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0"}],"aliases":["CVE-2025-55552","PYSEC-2025-204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqpq-n5zb-2ydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36918?format=json","vulnerability_id":"VCID-pryj-149u-zqe7","summary":"In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.","references":[{"reference_url":"https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065"},{"reference_url":"https://github.com/pytorch/pytorch/issues/129228","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/129228"},{"reference_url":"https://github.com/pytorch/pytorch/security/policy#using-distributed-features","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pytorch/pytorch/security/policy#using-distributed-features"},{"reference_url":"https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43772?format=json","purl":"pkg:pypi/torch@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-7563-j935-rkh5"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-x8ck-txve-s7gy"},{"vulnerability":"VCID-z22a-fyhr-bbg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.5.0"}],"aliases":["CVE-2024-48063","PYSEC-2024-259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pryj-149u-zqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37121?format=json","vulnerability_id":"VCID-rr2u-g78b-yfev","summary":"An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151401","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/151401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46370?format=json","purl":"pkg:pypi/torch@2.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0"}],"aliases":["CVE-2025-55551","PYSEC-2025-203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr2u-g78b-yfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37123?format=json","vulnerability_id":"VCID-tw2j-udhp-nydv","summary":"A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/151432"},{"reference_url":"https://github.com/pytorch/pytorch/pull/154645","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/pull/154645"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46368?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["CVE-2025-55553","PYSEC-2025-205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw2j-udhp-nydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37126?format=json","vulnerability_id":"VCID-vy3e-sq4h-eybf","summary":"A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151523","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/151523"},{"reference_url":"https://github.com/pytorch/pytorch/pull/151887","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/pull/151887"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46368?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["CVE-2025-55558","PYSEC-2025-208"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy3e-sq4h-eybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37125?format=json","vulnerability_id":"VCID-x8ck-txve-s7gy","summary":"A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151738","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/issues/151738"},{"reference_url":"https://github.com/pytorch/pytorch/pull/151931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/pytorch/pytorch/pull/151931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46368?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["CVE-2025-55557","PYSEC-2025-207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-txve-s7gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37116?format=json","vulnerability_id":"VCID-z22a-fyhr-bbg4","summary":"In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.","references":[{"reference_url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"},{"reference_url":"https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151198","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://github.com/pytorch/pytorch/issues/151198"},{"reference_url":"https://github.com/pytorch/pytorch/pull/152993","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://github.com/pytorch/pytorch/pull/152993"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46367?format=json","purl":"pkg:pypi/torch@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cvu-c3jj-yyhx"},{"vulnerability":"VCID-dm2h-xssw-xqhb"},{"vulnerability":"VCID-jqpq-n5zb-2ydh"},{"vulnerability":"VCID-rr2u-g78b-yfev"},{"vulnerability":"VCID-tw2j-udhp-nydv"},{"vulnerability":"VCID-vy3e-sq4h-eybf"},{"vulnerability":"VCID-x8ck-txve-s7gy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0"}],"aliases":["CVE-2025-46148","PYSEC-2025-198"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z22a-fyhr-bbg4"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.9.1"}