{"url":"http://public2.vulnerablecode.io/api/packages/68549?format=json","purl":"pkg:pypi/pytorch-lightning@1.3.7.post0","type":"pypi","namespace":"","name":"pytorch-lightning","version":"1.3.7.post0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.1","latest_non_vulnerable_version":"2.6.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34198?format=json","vulnerability_id":"VCID-1z2t-6a26-w7c1","summary":"A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8020.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8020","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45036","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44886","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8020"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353669","reference_id":"2353669","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353669"},{"reference_url":"https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a","reference_id":"8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:50Z/"}],"url":"https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a"},{"reference_url":"https://github.com/advisories/GHSA-98fp-7v67-4v3q","reference_id":"GHSA-98fp-7v67-4v3q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-98fp-7v67-4v3q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/788237?format=json","purl":"pkg:pypi/pytorch-lightning@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dpzd-6sun-a7av"},{"vulnerability":"VCID-rdkc-nx1c-uqc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pytorch-lightning@2.3.3"}],"aliases":["CVE-2024-8020","GHSA-98fp-7v67-4v3q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1z2t-6a26-w7c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208370?format=json","vulnerability_id":"VCID-c4qf-mt6z-eucs","summary":"Code Injection in PyTorch Lightning","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0845","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50892","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.51025","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0845"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2022-181.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2022-181.yaml"},{"reference_url":"https://github.com/pytorchlightning/pytorch-lightning","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorchlightning/pytorch-lightning"},{"reference_url":"https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae"},{"reference_url":"https://github.com/PyTorchLightning/pytorch-lightning/pull/12212","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PyTorchLightning/pytorch-lightning/pull/12212"},{"reference_url":"https://huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0845","reference_id":"CVE-2022-0845","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0845"},{"reference_url":"https://github.com/advisories/GHSA-r5qj-cvf9-p85h","reference_id":"GHSA-r5qj-cvf9-p85h","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5qj-cvf9-p85h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18592?format=json","purl":"pkg:pypi/pytorch-lightning@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1z2t-6a26-w7c1"},{"vulnerability":"VCID-dpzd-6sun-a7av"},{"vulnerability":"VCID-rdkc-nx1c-uqc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pytorch-lightning@1.6.0"}],"aliases":["CVE-2022-0845","GHSA-r5qj-cvf9-p85h","PYSEC-2022-181"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4qf-mt6z-eucs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71504?format=json","vulnerability_id":"VCID-dpzd-6sun-a7av","summary":"PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model states, internally calls torch.load() without setting the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exploit this by providing a maliciously crafted checkpoint file, leading to arbitrary code execution on the victim's system when the file is loaded.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31221","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40883","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41049","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31221"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31221","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31221"},{"reference_url":"https://www.notion.so/CVE-2026-31221-35d1e1393188815f8db7c4fd08076639","reference_id":"CVE-2026-31221-35d1e1393188815f8db7c4fd08076639","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-15T18:02:25Z/"}],"url":"https://www.notion.so/CVE-2026-31221-35d1e1393188815f8db7c4fd08076639"},{"reference_url":"https://github.com/advisories/GHSA-75m9-98v2-hjpm","reference_id":"GHSA-75m9-98v2-hjpm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75m9-98v2-hjpm"},{"reference_url":"https://github.com/Lightning-AI/pytorch-lightning","reference_id":"pytorch-lightning","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-15T18:02:25Z/"}],"url":"https://github.com/Lightning-AI/pytorch-lightning"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1069701?format=json","purl":"pkg:pypi/pytorch-lightning@2.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pytorch-lightning@2.6.1"}],"aliases":["CVE-2026-31221","GHSA-75m9-98v2-hjpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpzd-6sun-a7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34594?format=json","vulnerability_id":"VCID-rdkc-nx1c-uqc8","summary":"In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8019","reference_id":"","reference_type":"","scores":[{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84493","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02102","scoring_system":"epss","scoring_elements":"0.84438","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8019"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8019","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8019"},{"reference_url":"https://huntr.com/bounties/2754298b-5af5-48ef-8b38-999093ddf2bd","reference_id":"2754298b-5af5-48ef-8b38-999093ddf2bd","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:52Z/"}],"url":"https://huntr.com/bounties/2754298b-5af5-48ef-8b38-999093ddf2bd"},{"reference_url":"https://github.com/lightning-ai/pytorch-lightning/commit/330af381de88cff17515418a341cbc1f9f127f9a","reference_id":"330af381de88cff17515418a341cbc1f9f127f9a","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:52Z/"}],"url":"https://github.com/lightning-ai/pytorch-lightning/commit/330af381de88cff17515418a341cbc1f9f127f9a"},{"reference_url":"https://github.com/advisories/GHSA-4cv3-v7pv-rfhf","reference_id":"GHSA-4cv3-v7pv-rfhf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4cv3-v7pv-rfhf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378018?format=json","purl":"pkg:pypi/pytorch-lightning@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dpzd-6sun-a7av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pytorch-lightning@2.4.0"}],"aliases":["CVE-2024-8019","GHSA-4cv3-v7pv-rfhf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdkc-nx1c-uqc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207257?format=json","vulnerability_id":"VCID-uvxr-2epf-k3fw","summary":"pytorch-lightning is vulnerable to Deserialization of Untrusted Data","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4118","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50769","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50902","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4118"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2021-874.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2021-874.yaml"},{"reference_url":"https://github.com/pytorchlightning/pytorch-lightning","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorchlightning/pytorch-lightning"},{"reference_url":"https://github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace"},{"reference_url":"https://github.com/PyTorchLightning/pytorch-lightning/issues/11045","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PyTorchLightning/pytorch-lightning/issues/11045"},{"reference_url":"https://github.com/PyTorchLightning/pytorch-lightning/pull/11099","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PyTorchLightning/pytorch-lightning/pull/11099"},{"reference_url":"https://github.com/PyTorchLightning/pytorch-lightning/releases/tag/1.6.0","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PyTorchLightning/pytorch-lightning/releases/tag/1.6.0"},{"reference_url":"https://huntr.dev/bounties/31832f0c-e5bb-4552-a12c-542f81f111e6","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/31832f0c-e5bb-4552-a12c-542f81f111e6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4118","reference_id":"CVE-2021-4118","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4118"},{"reference_url":"https://github.com/advisories/GHSA-2vj5-px25-gjrp","reference_id":"GHSA-2vj5-px25-gjrp","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vj5-px25-gjrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18592?format=json","purl":"pkg:pypi/pytorch-lightning@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1z2t-6a26-w7c1"},{"vulnerability":"VCID-dpzd-6sun-a7av"},{"vulnerability":"VCID-rdkc-nx1c-uqc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pytorch-lightning@1.6.0"}],"aliases":["CVE-2021-4118","GHSA-2vj5-px25-gjrp","PYSEC-2021-874"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvxr-2epf-k3fw"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pytorch-lightning@1.3.7.post0"}