{"url":"http://public2.vulnerablecode.io/api/packages/377558?format=json","purl":"pkg:maven/org.pytorch/executorch-android@0.7.0","type":"maven","namespace":"org.pytorch","name":"executorch-android","version":"0.7.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87804?format=json","vulnerability_id":"VCID-6nd6-qt9n-a7hf","summary":"An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54950","reference_id":"","reference_type":"","scores":[{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.77081","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.77088","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.7701","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.77094","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54950"},{"reference_url":"https://github.com/pytorch/executorch","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/executorch"},{"reference_url":"https://github.com/pytorch/executorch/commit/fb03b6f85596a8f954d97929075335255b6a58d4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/executorch/commit/fb03b6f85596a8f954d97929075335255b6a58d4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54950","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54950"},{"reference_url":"https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005","reference_id":"b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:13:35Z/"}],"url":"https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005"},{"reference_url":"https://www.facebook.com/security/advisories/cve-2025-54950","reference_id":"cve-2025-54950","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:13:35Z/"}],"url":"https://www.facebook.com/security/advisories/cve-2025-54950"},{"reference_url":"https://github.com/advisories/GHSA-f9hx-c6jf-3qxm","reference_id":"GHSA-f9hx-c6jf-3qxm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9hx-c6jf-3qxm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377558?format=json","purl":"pkg:maven/org.pytorch/executorch-android@0.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.pytorch/executorch-android@0.7.0"}],"aliases":["CVE-2025-54950","GHSA-f9hx-c6jf-3qxm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6nd6-qt9n-a7hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89572?format=json","vulnerability_id":"VCID-nnqv-ukrv-yyhj","summary":"An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30404","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73644","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73657","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.7366","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.7357","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30404"},{"reference_url":"https://github.com/pytorch/executorch","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/executorch"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30404","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30404"},{"reference_url":"https://www.facebook.com/security/advisories/cve-2025-30404","reference_id":"cve-2025-30404","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:10:48Z/"}],"url":"https://www.facebook.com/security/advisories/cve-2025-30404"},{"reference_url":"https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006","reference_id":"d158236b1dc84539c1b16843bc74054c9dcba006","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:10:48Z/"}],"url":"https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006"},{"reference_url":"https://github.com/advisories/GHSA-hj95-mhgf-jxc4","reference_id":"GHSA-hj95-mhgf-jxc4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hj95-mhgf-jxc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377558?format=json","purl":"pkg:maven/org.pytorch/executorch-android@0.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.pytorch/executorch-android@0.7.0"}],"aliases":["CVE-2025-30404","GHSA-hj95-mhgf-jxc4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnqv-ukrv-yyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88116?format=json","vulnerability_id":"VCID-rrfd-4q2b-rfgv","summary":"A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54951","reference_id":"","reference_type":"","scores":[{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75077","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75066","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74996","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54951"},{"reference_url":"https://github.com/pytorch/executorch","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/executorch"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54951","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54951"},{"reference_url":"https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c","reference_id":"cea9b23aa8ff78aff92829a466da97461cc7930c","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:20:19Z/"}],"url":"https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c"},{"reference_url":"https://www.facebook.com/security/advisories/cve-2025-54951","reference_id":"cve-2025-54951","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:20:19Z/"}],"url":"https://www.facebook.com/security/advisories/cve-2025-54951"},{"reference_url":"https://github.com/advisories/GHSA-xc7w-r669-48pf","reference_id":"GHSA-xc7w-r669-48pf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc7w-r669-48pf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377558?format=json","purl":"pkg:maven/org.pytorch/executorch-android@0.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.pytorch/executorch-android@0.7.0"}],"aliases":["CVE-2025-54951","GHSA-xc7w-r669-48pf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrfd-4q2b-rfgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88096?format=json","vulnerability_id":"VCID-tx2w-d53s-4bf3","summary":"A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54949","reference_id":"","reference_type":"","scores":[{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75066","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75077","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74996","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54949"},{"reference_url":"https://github.com/pytorch/executorch","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/executorch"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54949","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54949"},{"reference_url":"https://www.facebook.com/security/advisories/cve-2025-54949","reference_id":"cve-2025-54949","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:12:50Z/"}],"url":"https://www.facebook.com/security/advisories/cve-2025-54949"},{"reference_url":"https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be","reference_id":"ede82493dae6d2d43f8c424e7be4721abe5242be","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:12:50Z/"}],"url":"https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be"},{"reference_url":"https://github.com/advisories/GHSA-9m39-3mf3-xwch","reference_id":"GHSA-9m39-3mf3-xwch","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m39-3mf3-xwch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377558?format=json","purl":"pkg:maven/org.pytorch/executorch-android@0.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.pytorch/executorch-android@0.7.0"}],"aliases":["CVE-2025-54949","GHSA-9m39-3mf3-xwch"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx2w-d53s-4bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90195?format=json","vulnerability_id":"VCID-w6bs-tkf1-33cs","summary":"An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30405","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73644","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73657","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.7366","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.7357","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30405"},{"reference_url":"https://github.com/pytorch/executorch","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/executorch"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30405","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30405"},{"reference_url":"https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73","reference_id":"0830af8207240df8d7f35b984cdf8bc35d74fa73","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:11:41Z/"}],"url":"https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73"},{"reference_url":"https://www.facebook.com/security/advisories/cve-2025-30405","reference_id":"cve-2025-30405","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-12T14:11:41Z/"}],"url":"https://www.facebook.com/security/advisories/cve-2025-30405"},{"reference_url":"https://github.com/advisories/GHSA-84m3-f99p-cqx5","reference_id":"GHSA-84m3-f99p-cqx5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-84m3-f99p-cqx5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377558?format=json","purl":"pkg:maven/org.pytorch/executorch-android@0.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.pytorch/executorch-android@0.7.0"}],"aliases":["CVE-2025-30405","GHSA-84m3-f99p-cqx5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6bs-tkf1-33cs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.pytorch/executorch-android@0.7.0"}