{"url":"http://public2.vulnerablecode.io/api/packages/30182?format=json","purl":"pkg:pypi/paddlepaddle@2.0.0","type":"pypi","namespace":"","name":"paddlepaddle","version":"2.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.1","latest_non_vulnerable_version":"2.6.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36500?format=json","vulnerability_id":"VCID-5s1z-ubhw-y7af","summary":"Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38669","reference_id":"CVE-2023-38669","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38669"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38669","PYSEC-2023-122"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5s1z-ubhw-y7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36504?format=json","vulnerability_id":"VCID-kcxs-f62a-8fbb","summary":"PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38673","reference_id":"CVE-2023-38673","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38673","PYSEC-2023-126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcxs-f62a-8fbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36501?format=json","vulnerability_id":"VCID-nvts-nkrt-7ybs","summary":"Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38671","reference_id":"CVE-2023-38671","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38671","PYSEC-2023-124"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvts-nkrt-7ybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36324?format=json","vulnerability_id":"VCID-p4dk-geq7-j3b7","summary":"Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30198?format=json","purl":"pkg:pypi/paddlepaddle@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-5s1z-ubhw-y7af"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-kcxs-f62a-8fbb"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-nvts-nkrt-7ybs"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-swfm-bfvg-quft"},{"vulnerability":"VCID-vwp3-2fev-3qaz"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.4.0"}],"aliases":["CVE-2022-46742","PYSEC-2022-43063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4dk-geq7-j3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36502?format=json","vulnerability_id":"VCID-swfm-bfvg-quft","summary":"Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38670","reference_id":"CVE-2023-38670","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38670"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38670","PYSEC-2023-123"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swfm-bfvg-quft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36503?format=json","vulnerability_id":"VCID-vwp3-2fev-3qaz","summary":"FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38672","reference_id":"CVE-2023-38672","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38672"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38672","PYSEC-2023-125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwp3-2fev-3qaz"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.0.0"}