{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","type":"pypi","namespace":"","name":"paddlepaddle","version":"2.6.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.1","latest_non_vulnerable_version":"2.6.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47226?format=json","vulnerability_id":"VCID-17nd-k3cn-4bb4","summary":"PaddlePaddle command injection in paddle.utils.download._wget_download\nCommand injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/4c0888d7b8f10405e2e79adc41c224264f93e816","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/4c0888d7b8f10405e2e79adc41c224264f93e816"},{"reference_url":"https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0815","reference_id":"CVE-2024-0815","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0815"},{"reference_url":"https://github.com/advisories/GHSA-qqv2-35q8-p2g2","reference_id":"GHSA-qqv2-35q8-p2g2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qqv2-35q8-p2g2"}],"fixed_packages":[],"aliases":["CVE-2024-0815","GHSA-qqv2-35q8-p2g2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17nd-k3cn-4bb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47228?format=json","vulnerability_id":"VCID-fsej-h74n-6ffs","summary":"PaddlePaddle command injection vulnerability\nCommand injection in IrGraph.draw in paddlepaddle/paddle 2.6.0","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/bdf6234fdc22e6ee7948950d271cbbe1d27edc93","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/bdf6234fdc22e6ee7948950d271cbbe1d27edc93"},{"reference_url":"https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0817","reference_id":"CVE-2024-0817","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0817"},{"reference_url":"https://github.com/advisories/GHSA-fh54-3vhg-mpc2","reference_id":"GHSA-fh54-3vhg-mpc2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fh54-3vhg-mpc2"}],"fixed_packages":[],"aliases":["CVE-2024-0817","GHSA-fh54-3vhg-mpc2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsej-h74n-6ffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47224?format=json","vulnerability_id":"VCID-fzzq-2t1q-p7fa","summary":"PaddlePaddle Path Traversal vulnerability\nArbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/5c50d1a8b97b310cbc36560ec36d8377d6f29d7c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/5c50d1a8b97b310cbc36560ec36d8377d6f29d7c"},{"reference_url":"https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0818","reference_id":"CVE-2024-0818","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0818"},{"reference_url":"https://github.com/advisories/GHSA-2rp8-hff9-c5wr","reference_id":"GHSA-2rp8-hff9-c5wr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2rp8-hff9-c5wr"}],"fixed_packages":[],"aliases":["CVE-2024-0818","GHSA-2rp8-hff9-c5wr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzzq-2t1q-p7fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47223?format=json","vulnerability_id":"VCID-mpck-qgnf-vfg5","summary":"PaddlePaddle vulnerable to remote code execution\nremote code execution in paddlepaddle/paddle 2.6.0","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/python/paddle/distributed/fleet/utils/fs.py#L723","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/python/paddle/distributed/fleet/utils/fs.py#L723"},{"reference_url":"https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0917","reference_id":"CVE-2024-0917","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0917"},{"reference_url":"https://github.com/advisories/GHSA-mrmm-qmrj-xgp6","reference_id":"GHSA-mrmm-qmrj-xgp6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrmm-qmrj-xgp6"}],"fixed_packages":[],"aliases":["CVE-2024-0917","GHSA-mrmm-qmrj-xgp6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpck-qgnf-vfg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36673?format=json","vulnerability_id":"VCID-s51x-rhes-73h1","summary":"Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52312","reference_id":"CVE-2023-52312","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52312"},{"reference_url":"https://github.com/advisories/GHSA-qppw-c37g-xwcc","reference_id":"GHSA-qppw-c37g-xwcc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qppw-c37g-xwcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38544?format=json","purl":"pkg:pypi/paddlepaddle@2.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.1"}],"aliases":["CVE-2023-52312","GHSA-qppw-c37g-xwcc","PYSEC-2024-144"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s51x-rhes-73h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47318?format=json","vulnerability_id":"VCID-wqhd-4yv8-37ea","summary":"PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file\npaddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1262","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1262"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1295-L1334","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/release/2.6/python/paddle/vision/ops.py#L1295-L1334"},{"reference_url":"https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1603","reference_id":"CVE-2024-1603","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1603"},{"reference_url":"https://github.com/advisories/GHSA-jwrc-3v3f-5cq5","reference_id":"GHSA-jwrc-3v3f-5cq5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jwrc-3v3f-5cq5"}],"fixed_packages":[],"aliases":["CVE-2024-1603","GHSA-jwrc-3v3f-5cq5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqhd-4yv8-37ea"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36672?format=json","vulnerability_id":"VCID-17s7-wrdn-ebes","summary":"FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38675","reference_id":"CVE-2023-38675","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38675"},{"reference_url":"https://github.com/advisories/GHSA-jm68-fpmr-8j2g","reference_id":"GHSA-jm68-fpmr-8j2g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jm68-fpmr-8j2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38675","GHSA-jm68-fpmr-8j2g","PYSEC-2024-130"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17s7-wrdn-ebes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36667?format=json","vulnerability_id":"VCID-35qf-2v8r-t3cf","summary":"FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52308","reference_id":"CVE-2023-52308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52308"},{"reference_url":"https://github.com/advisories/GHSA-v9pg-qw6x-w5r2","reference_id":"GHSA-v9pg-qw6x-w5r2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v9pg-qw6x-w5r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52308","GHSA-v9pg-qw6x-w5r2","PYSEC-2024-140"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35qf-2v8r-t3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36676?format=json","vulnerability_id":"VCID-45e3-a2hf-4bh9","summary":"PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52310","reference_id":"CVE-2023-52310","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52310"},{"reference_url":"https://github.com/advisories/GHSA-j5h9-9r39-43q5","reference_id":"GHSA-j5h9-9r39-43q5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j5h9-9r39-43q5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52310","GHSA-j5h9-9r39-43q5","PYSEC-2024-142"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45e3-a2hf-4bh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36660?format=json","vulnerability_id":"VCID-49pw-ktz7-jfh4","summary":"FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52305","reference_id":"CVE-2023-52305","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52305"},{"reference_url":"https://github.com/advisories/GHSA-rx2r-q96c-w5cc","reference_id":"GHSA-rx2r-q96c-w5cc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rx2r-q96c-w5cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52305","GHSA-rx2r-q96c-w5cc","PYSEC-2024-137"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49pw-ktz7-jfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36663?format=json","vulnerability_id":"VCID-7dca-ch9k-jkb6","summary":"FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52306","reference_id":"CVE-2023-52306","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52306"},{"reference_url":"https://github.com/advisories/GHSA-rg9q-m8hv-xxr6","reference_id":"GHSA-rg9q-m8hv-xxr6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rg9q-m8hv-xxr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52306","GHSA-rg9q-m8hv-xxr6","PYSEC-2024-138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dca-ch9k-jkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36675?format=json","vulnerability_id":"VCID-9cbs-47dq-rfca","summary":"PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52314","reference_id":"CVE-2023-52314","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52314"},{"reference_url":"https://github.com/advisories/GHSA-3cr5-2446-8pg3","reference_id":"GHSA-3cr5-2446-8pg3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3cr5-2446-8pg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52314","GHSA-3cr5-2446-8pg3","PYSEC-2024-146"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cbs-47dq-rfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36661?format=json","vulnerability_id":"VCID-akmg-8bh1-xufv","summary":"OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38678","reference_id":"CVE-2023-38678","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38678"},{"reference_url":"https://github.com/advisories/GHSA-mr78-v55p-7777","reference_id":"GHSA-mr78-v55p-7777","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mr78-v55p-7777"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38678","GHSA-mr78-v55p-7777","PYSEC-2024-133"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akmg-8bh1-xufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36665?format=json","vulnerability_id":"VCID-cuna-r55b-rqf3","summary":"Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38676","reference_id":"CVE-2023-38676","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38676"},{"reference_url":"https://github.com/advisories/GHSA-x3q9-c788-j7c8","reference_id":"GHSA-x3q9-c788-j7c8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x3q9-c788-j7c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38676","GHSA-x3q9-c788-j7c8","PYSEC-2024-131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuna-r55b-rqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36674?format=json","vulnerability_id":"VCID-fbr1-2g6w-tqaa","summary":"Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52303","reference_id":"CVE-2023-52303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52303"},{"reference_url":"https://github.com/advisories/GHSA-2wcj-qr76-9768","reference_id":"GHSA-2wcj-qr76-9768","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2wcj-qr76-9768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52303","GHSA-2wcj-qr76-9768","PYSEC-2024-135"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbr1-2g6w-tqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36662?format=json","vulnerability_id":"VCID-fd4j-1rre-5ua9","summary":"FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38677","reference_id":"CVE-2023-38677","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38677"},{"reference_url":"https://github.com/advisories/GHSA-c6ph-m8cw-rfqh","reference_id":"GHSA-c6ph-m8cw-rfqh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c6ph-m8cw-rfqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38677","GHSA-c6ph-m8cw-rfqh","PYSEC-2024-132"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fd4j-1rre-5ua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46866?format=json","vulnerability_id":"VCID-gh73-617q-sbdc","summary":"Improper Control of Generation of Code ('Code Injection')\nCode Injection in paddlepaddle/paddle","references":[{"reference_url":"https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0521","reference_id":"CVE-2024-0521","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0521"},{"reference_url":"https://github.com/advisories/GHSA-chj7-w3f6-cvfj","reference_id":"GHSA-chj7-w3f6-cvfj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-chj7-w3f6-cvfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2024-0521","GHSA-chj7-w3f6-cvfj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gh73-617q-sbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36669?format=json","vulnerability_id":"VCID-h7rz-ms5h-huen","summary":"Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52304","reference_id":"CVE-2023-52304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52304"},{"reference_url":"https://github.com/advisories/GHSA-4rrv-8gcp-24v8","reference_id":"GHSA-4rrv-8gcp-24v8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4rrv-8gcp-24v8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52304","GHSA-4rrv-8gcp-24v8","PYSEC-2024-136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7rz-ms5h-huen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36666?format=json","vulnerability_id":"VCID-ndbe-sr54-f3ha","summary":"Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52309","reference_id":"CVE-2023-52309","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52309"},{"reference_url":"https://github.com/advisories/GHSA-8fp7-jwv2-49x9","reference_id":"GHSA-8fp7-jwv2-49x9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8fp7-jwv2-49x9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52309","GHSA-8fp7-jwv2-49x9","PYSEC-2024-141"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndbe-sr54-f3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36677?format=json","vulnerability_id":"VCID-nehj-8bwx-qyce","summary":"FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38674","reference_id":"CVE-2023-38674","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38674"},{"reference_url":"https://github.com/advisories/GHSA-xjpw-hx47-rccv","reference_id":"GHSA-xjpw-hx47-rccv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xjpw-hx47-rccv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38674","GHSA-xjpw-hx47-rccv","PYSEC-2024-129"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nehj-8bwx-qyce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36670?format=json","vulnerability_id":"VCID-pt8v-dqvj-yue7","summary":"Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52302","reference_id":"CVE-2023-52302","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52302"},{"reference_url":"https://github.com/advisories/GHSA-547m-23x7-cxg5","reference_id":"GHSA-547m-23x7-cxg5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-547m-23x7-cxg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52302","GHSA-547m-23x7-cxg5","PYSEC-2024-134"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt8v-dqvj-yue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36668?format=json","vulnerability_id":"VCID-pyt1-w4bk-x7cb","summary":"PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52311","reference_id":"CVE-2023-52311","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52311"},{"reference_url":"https://github.com/advisories/GHSA-rf7p-79xq-8xwm","reference_id":"GHSA-rf7p-79xq-8xwm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rf7p-79xq-8xwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52311","GHSA-rf7p-79xq-8xwm","PYSEC-2024-143"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pyt1-w4bk-x7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36673?format=json","vulnerability_id":"VCID-s51x-rhes-73h1","summary":"Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52312","reference_id":"CVE-2023-52312","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52312"},{"reference_url":"https://github.com/advisories/GHSA-qppw-c37g-xwcc","reference_id":"GHSA-qppw-c37g-xwcc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qppw-c37g-xwcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/38544?format=json","purl":"pkg:pypi/paddlepaddle@2.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.1"}],"aliases":["CVE-2023-52312","GHSA-qppw-c37g-xwcc","PYSEC-2024-144"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s51x-rhes-73h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36664?format=json","vulnerability_id":"VCID-sshq-1n66-uugm","summary":"Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52307","reference_id":"CVE-2023-52307","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52307"},{"reference_url":"https://github.com/advisories/GHSA-g57v-2687-jx33","reference_id":"GHSA-g57v-2687-jx33","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g57v-2687-jx33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52307","GHSA-g57v-2687-jx33","PYSEC-2024-139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sshq-1n66-uugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36671?format=json","vulnerability_id":"VCID-z3ar-bcd5-gya8","summary":"FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52313","reference_id":"CVE-2023-52313","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52313"},{"reference_url":"https://github.com/advisories/GHSA-275c-w5mq-v5m2","reference_id":"GHSA-275c-w5mq-v5m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-275c-w5mq-v5m2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52313","GHSA-275c-w5mq-v5m2","PYSEC-2024-145"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ar-bcd5-gya8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}