Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/torch@1.10.2
Typepypi
Namespace
Nametorch
Version1.10.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.7.1rc1
Latest_non_vulnerable_version2.10.0
Affected_by_vulnerabilities
0
url VCID-2cm1-gyvh-z3c7
vulnerability_id VCID-2cm1-gyvh-z3c7
summary An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55551.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55551.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55551
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30445
published_at 2026-06-11T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30641
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55551
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55551
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:35:41Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116537
reference_id 1116537
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116537
5
reference_url https://github.com/pytorch/pytorch/issues/151401
reference_id 151401
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:35:41Z/
url https://github.com/pytorch/pytorch/issues/151401
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398186
reference_id 2398186
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398186
fixed_packages
0
url pkg:pypi/torch@2.9.0
purl pkg:pypi/torch@2.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0
aliases BIT-pytorch-2025-55551, CVE-2025-55551, PYSEC-2025-203
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cm1-gyvh-z3c7
1
url VCID-3q35-68xe-eber
vulnerability_id VCID-3q35-68xe-eber
summary A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3730
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04433
published_at 2026-06-11T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04434
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3730
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3730
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3730
2
reference_url https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3730
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3730
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103455
reference_id 1103455
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103455
5
reference_url https://github.com/pytorch/pytorch/issues/150835
reference_id 150835
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://github.com/pytorch/pytorch/issues/150835
6
reference_url https://github.com/pytorch/pytorch/issues/150835#issue-2979082232
reference_id 150835#issue-2979082232
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://github.com/pytorch/pytorch/issues/150835#issue-2979082232
7
reference_url https://github.com/pytorch/pytorch/pull/150981
reference_id 150981
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://github.com/pytorch/pytorch/pull/150981
8
reference_url https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567
reference_id 46fc5d8e360127361211cb237d5f9eef0223e567
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567
9
reference_url https://vuldb.com/?ctiid.305076
reference_id ?ctiid.305076
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://vuldb.com/?ctiid.305076
10
reference_url https://github.com/advisories/GHSA-887c-mr87-cxwp
reference_id GHSA-887c-mr87-cxwp
reference_type
scores
url https://github.com/advisories/GHSA-887c-mr87-cxwp
11
reference_url https://vuldb.com/?id.305076
reference_id ?id.305076
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://vuldb.com/?id.305076
12
reference_url https://vuldb.com/?submit.553645
reference_id ?submit.553645
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/
url https://vuldb.com/?submit.553645
fixed_packages
0
url pkg:pypi/torch@2.8.0
purl pkg:pypi/torch@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-5p5w-9up5-37gd
2
vulnerability VCID-q3dm-d63w-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.8.0
aliases CVE-2025-3730, GHSA-887c-mr87-cxwp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3q35-68xe-eber
2
url VCID-58ck-y4af-53b7
vulnerability_id VCID-58ck-y4af-53b7
summary PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32434
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.63084
published_at 2026-06-12T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.62982
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32434
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32434
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32434
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml
3
reference_url https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32434
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32434
5
reference_url https://github.com/advisories/GHSA-53q9-r3pm-6pq6
reference_id GHSA-53q9-r3pm-6pq6
reference_type
scores
url https://github.com/advisories/GHSA-53q9-r3pm-6pq6
6
reference_url https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
reference_id GHSA-53q9-r3pm-6pq6
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-18T16:06:40Z/
url https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
fixed_packages
0
url pkg:pypi/torch@2.6.0
purl pkg:pypi/torch@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-463b-5yr4-y3ag
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-ecfu-68uk-vfcn
5
vulnerability VCID-epa6-xw1j-4uch
6
vulnerability VCID-fg7m-epez-q3aq
7
vulnerability VCID-fqj6-hqe7-qyhp
8
vulnerability VCID-gtgy-paaw-qkav
9
vulnerability VCID-m7ky-xnhx-4yh2
10
vulnerability VCID-p1wv-74nq-kfe7
11
vulnerability VCID-pk92-rz69-3yh2
12
vulnerability VCID-q3dm-d63w-8ke1
13
vulnerability VCID-qeu5-pq9f-s3a5
14
vulnerability VCID-t5p7-rh1r-7ufc
15
vulnerability VCID-v1ar-89wu-jbd8
16
vulnerability VCID-vnkh-7d4b-rkab
17
vulnerability VCID-w8fa-1ev2-53ae
18
vulnerability VCID-ysp6-geeh-zuaz
19
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.6.0
aliases BIT-pytorch-2025-32434, CVE-2025-32434, GHSA-53q9-r3pm-6pq6, PYSEC-2025-41
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58ck-y4af-53b7
3
url VCID-5p5w-9up5-37gd
vulnerability_id VCID-5p5w-9up5-37gd
summary pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55554.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55554.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55554
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.23845
published_at 2026-06-11T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.24043
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55554
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55554
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55554
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:56:23Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116534
reference_id 1116534
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116534
5
reference_url https://github.com/pytorch/pytorch/issues/151510
reference_id 151510
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:56:23Z/
url https://github.com/pytorch/pytorch/issues/151510
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398196
reference_id 2398196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398196
fixed_packages
0
url pkg:pypi/torch@2.9.0
purl pkg:pypi/torch@2.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0
aliases BIT-pytorch-2025-55554, CVE-2025-55554, PYSEC-2025-206
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5w-9up5-37gd
4
url VCID-8wcg-hkkw-17g7
vulnerability_id VCID-8wcg-hkkw-17g7
summary PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31580
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11677
published_at 2026-06-11T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11759
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31580
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31580
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31580
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml
3
reference_url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934
4
reference_url https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d
reference_id 038c78f2f007345e6f497698ace2aa3d
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:39:32Z/
url https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379
reference_id 1070379
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379
6
reference_url https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
reference_id b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:39:32Z/
url https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31580
reference_id CVE-2024-31580
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31580
8
reference_url https://github.com/advisories/GHSA-5pcm-hx3q-hm94
reference_id GHSA-5pcm-hx3q-hm94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5pcm-hx3q-hm94
fixed_packages
0
url pkg:pypi/torch@2.2.0
purl pkg:pypi/torch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-58ck-y4af-53b7
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-9wbp-zmk4-cqfh
5
vulnerability VCID-epa6-xw1j-4uch
6
vulnerability VCID-fg7m-epez-q3aq
7
vulnerability VCID-fqj6-hqe7-qyhp
8
vulnerability VCID-gtgy-paaw-qkav
9
vulnerability VCID-m7ky-xnhx-4yh2
10
vulnerability VCID-p1wv-74nq-kfe7
11
vulnerability VCID-pk92-rz69-3yh2
12
vulnerability VCID-q3dm-d63w-8ke1
13
vulnerability VCID-qeu5-pq9f-s3a5
14
vulnerability VCID-t5p7-rh1r-7ufc
15
vulnerability VCID-tjfz-6fbh-kfcw
16
vulnerability VCID-v1ar-89wu-jbd8
17
vulnerability VCID-ysp6-geeh-zuaz
18
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0
aliases BIT-pytorch-2024-31580, CVE-2024-31580, GHSA-5pcm-hx3q-hm94, PYSEC-2024-252
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wcg-hkkw-17g7
5
url VCID-9wbp-zmk4-cqfh
vulnerability_id VCID-9wbp-zmk4-cqfh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7804.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7804.json
1
reference_url https://github.com/pytorch/pytorch/blob/27a14405d3b996d572ba18339410e29ec005c775/torch/distributed/rpc/internal.py#L162
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/blob/27a14405d3b996d572ba18339410e29ec005c775/torch/distributed/rpc/internal.py#L162
2
reference_url https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7804
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7804
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353598
reference_id 2353598
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2353598
5
reference_url https://github.com/advisories/GHSA-4vmg-rw8f-92f9
reference_id GHSA-4vmg-rw8f-92f9
reference_type
scores
url https://github.com/advisories/GHSA-4vmg-rw8f-92f9
fixed_packages
0
url pkg:pypi/torch@2.4.0
purl pkg:pypi/torch@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-58ck-y4af-53b7
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-epa6-xw1j-4uch
5
vulnerability VCID-fg7m-epez-q3aq
6
vulnerability VCID-fqj6-hqe7-qyhp
7
vulnerability VCID-gtgy-paaw-qkav
8
vulnerability VCID-m7ky-xnhx-4yh2
9
vulnerability VCID-p1wv-74nq-kfe7
10
vulnerability VCID-pk92-rz69-3yh2
11
vulnerability VCID-q3dm-d63w-8ke1
12
vulnerability VCID-qeu5-pq9f-s3a5
13
vulnerability VCID-t5p7-rh1r-7ufc
14
vulnerability VCID-tjfz-6fbh-kfcw
15
vulnerability VCID-v1ar-89wu-jbd8
16
vulnerability VCID-ysp6-geeh-zuaz
17
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.4.0
aliases CVE-2024-7804, GHSA-4vmg-rw8f-92f9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wbp-zmk4-cqfh
6
url VCID-dpnb-1ke6-ebca
vulnerability_id VCID-dpnb-1ke6-ebca
summary Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31583
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15862
published_at 2026-06-12T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.15723
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31583
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31583
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31583
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml
3
reference_url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379
reference_id 1070379
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379
5
reference_url https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176
reference_id 43e19a41f2b36503a4a228c32cdbc176
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T17:44:25Z/
url https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176
6
reference_url https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
reference_id 9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T17:44:25Z/
url https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31583
reference_id CVE-2024-31583
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31583
8
reference_url https://github.com/advisories/GHSA-pg7h-5qx3-wjr3
reference_id GHSA-pg7h-5qx3-wjr3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pg7h-5qx3-wjr3
9
reference_url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132
reference_id interpreter.cpp#L132
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T17:44:25Z/
url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132
fixed_packages
0
url pkg:pypi/torch@2.2.0
purl pkg:pypi/torch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-58ck-y4af-53b7
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-9wbp-zmk4-cqfh
5
vulnerability VCID-epa6-xw1j-4uch
6
vulnerability VCID-fg7m-epez-q3aq
7
vulnerability VCID-fqj6-hqe7-qyhp
8
vulnerability VCID-gtgy-paaw-qkav
9
vulnerability VCID-m7ky-xnhx-4yh2
10
vulnerability VCID-p1wv-74nq-kfe7
11
vulnerability VCID-pk92-rz69-3yh2
12
vulnerability VCID-q3dm-d63w-8ke1
13
vulnerability VCID-qeu5-pq9f-s3a5
14
vulnerability VCID-t5p7-rh1r-7ufc
15
vulnerability VCID-tjfz-6fbh-kfcw
16
vulnerability VCID-v1ar-89wu-jbd8
17
vulnerability VCID-ysp6-geeh-zuaz
18
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0
aliases BIT-pytorch-2024-31583, CVE-2024-31583, GHSA-pg7h-5qx3-wjr3, PYSEC-2024-251
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpnb-1ke6-ebca
7
url VCID-epa6-xw1j-4uch
vulnerability_id VCID-epa6-xw1j-4uch
summary A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2999
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31349
published_at 2026-06-12T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31156
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2999
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2999
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2999
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-193.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-193.yaml
3
reference_url https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2999
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2999
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102231
reference_id 1102231
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102231
6
reference_url https://github.com/pytorch/pytorch/issues/149622
reference_id 149622
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/
url https://github.com/pytorch/pytorch/issues/149622
7
reference_url https://github.com/pytorch/pytorch/issues/149622#issue-2935495265
reference_id 149622#issue-2935495265
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/
url https://github.com/pytorch/pytorch/issues/149622#issue-2935495265
8
reference_url https://vuldb.com/?ctiid.302048
reference_id ?ctiid.302048
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/
url https://vuldb.com/?ctiid.302048
9
reference_url https://github.com/advisories/GHSA-vgrw-7cvw-pwgx
reference_id GHSA-vgrw-7cvw-pwgx
reference_type
scores
url https://github.com/advisories/GHSA-vgrw-7cvw-pwgx
10
reference_url https://vuldb.com/?id.302048
reference_id ?id.302048
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/
url https://vuldb.com/?id.302048
11
reference_url https://vuldb.com/?submit.524198
reference_id ?submit.524198
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/
url https://vuldb.com/?submit.524198
fixed_packages
0
url pkg:pypi/torch@2.9.1
purl pkg:pypi/torch@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.1
aliases BIT-pytorch-2025-2999, CVE-2025-2999, GHSA-vgrw-7cvw-pwgx, PYSEC-2025-193
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epa6-xw1j-4uch
8
url VCID-f868-nurd-ykaa
vulnerability_id VCID-f868-nurd-ykaa
summary Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31584
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23081
published_at 2026-06-11T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23276
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31584
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379
reference_id 1070379
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070379
2
reference_url https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
reference_id 7c35874ad664e74c8e4252d67521f3986eadb0e6
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T14:17:54Z/
url https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
3
reference_url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305
reference_id flatbuffer_loader.cpp#L305
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T14:17:54Z/
url https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305
fixed_packages
0
url pkg:pypi/torch@2.2.0
purl pkg:pypi/torch@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-58ck-y4af-53b7
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-9wbp-zmk4-cqfh
5
vulnerability VCID-epa6-xw1j-4uch
6
vulnerability VCID-fg7m-epez-q3aq
7
vulnerability VCID-fqj6-hqe7-qyhp
8
vulnerability VCID-gtgy-paaw-qkav
9
vulnerability VCID-m7ky-xnhx-4yh2
10
vulnerability VCID-p1wv-74nq-kfe7
11
vulnerability VCID-pk92-rz69-3yh2
12
vulnerability VCID-q3dm-d63w-8ke1
13
vulnerability VCID-qeu5-pq9f-s3a5
14
vulnerability VCID-t5p7-rh1r-7ufc
15
vulnerability VCID-tjfz-6fbh-kfcw
16
vulnerability VCID-v1ar-89wu-jbd8
17
vulnerability VCID-ysp6-geeh-zuaz
18
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.2.0
aliases BIT-pytorch-2024-31584, CVE-2024-31584, PYSEC-2024-250
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f868-nurd-ykaa
9
url VCID-fg7m-epez-q3aq
vulnerability_id VCID-fg7m-epez-q3aq
summary An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55560.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55560.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55560
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37847
published_at 2026-06-11T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38024
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55560
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55560
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55560
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:33:24Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116531
reference_id 1116531
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116531
5
reference_url https://github.com/pytorch/pytorch/issues/151522
reference_id 151522
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:33:24Z/
url https://github.com/pytorch/pytorch/issues/151522
6
reference_url https://github.com/pytorch/pytorch/pull/151897
reference_id 151897
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:33:24Z/
url https://github.com/pytorch/pytorch/pull/151897
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398211
reference_id 2398211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398211
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-5p5w-9up5-37gd
2
vulnerability VCID-q3dm-d63w-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases BIT-pytorch-2025-55560, CVE-2025-55560, PYSEC-2025-209
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fg7m-epez-q3aq
10
url VCID-fqj6-hqe7-qyhp
vulnerability_id VCID-fqj6-hqe7-qyhp
summary A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3001
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35302
published_at 2026-06-11T12:55:00Z
1
value 0.0015
scoring_system epss
scoring_elements 0.35481
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3001
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3001
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-195.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-195.yaml
3
reference_url https://github.com/pytorch/pytorch/commit/999d94b5ede5f4ec111ba7dd144129e2c2725b03
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/commit/999d94b5ede5f4ec111ba7dd144129e2c2725b03
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3001
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102233
reference_id 1102233
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102233
6
reference_url https://github.com/pytorch/pytorch/issues/149626
reference_id 149626
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/
url https://github.com/pytorch/pytorch/issues/149626
7
reference_url https://github.com/pytorch/pytorch/issues/149626#issue-2935860995
reference_id 149626#issue-2935860995
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/
url https://github.com/pytorch/pytorch/issues/149626#issue-2935860995
8
reference_url https://vuldb.com/?ctiid.302050
reference_id ?ctiid.302050
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/
url https://vuldb.com/?ctiid.302050
9
reference_url https://github.com/advisories/GHSA-qfhq-4f3w-5fph
reference_id GHSA-qfhq-4f3w-5fph
reference_type
scores
url https://github.com/advisories/GHSA-qfhq-4f3w-5fph
10
reference_url https://vuldb.com/?id.302050
reference_id ?id.302050
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/
url https://vuldb.com/?id.302050
11
reference_url https://vuldb.com/?submit.524212
reference_id ?submit.524212
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/
url https://vuldb.com/?submit.524212
fixed_packages
0
url pkg:pypi/torch@2.10.0
purl pkg:pypi/torch@2.10.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.10.0
aliases BIT-pytorch-2025-3001, CVE-2025-3001, GHSA-qfhq-4f3w-5fph, PYSEC-2025-195
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqj6-hqe7-qyhp
11
url VCID-gtgy-paaw-qkav
vulnerability_id VCID-gtgy-paaw-qkav
summary A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2998
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31156
published_at 2026-06-11T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31349
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2998
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2998
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2998
2
reference_url https://github.com/advisories/GHSA-f4hp-rmr7-r7v8
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
url https://github.com/advisories/GHSA-f4hp-rmr7-r7v8
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-192.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-192.yaml
4
reference_url https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2998
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2998
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102230
reference_id 1102230
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102230
7
reference_url https://github.com/pytorch/pytorch/issues/149622
reference_id 149622
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/
url https://github.com/pytorch/pytorch/issues/149622
8
reference_url https://github.com/pytorch/pytorch/issues/149622#issue-2935495265
reference_id 149622#issue-2935495265
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/
url https://github.com/pytorch/pytorch/issues/149622#issue-2935495265
9
reference_url https://vuldb.com/?ctiid.302047
reference_id ?ctiid.302047
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/
url https://vuldb.com/?ctiid.302047
10
reference_url https://vuldb.com/?id.302047
reference_id ?id.302047
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/
url https://vuldb.com/?id.302047
11
reference_url https://vuldb.com/?submit.524151
reference_id ?submit.524151
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/
url https://vuldb.com/?submit.524151
fixed_packages
aliases BIT-pytorch-2025-2998, CVE-2025-2998, GHSA-f4hp-rmr7-r7v8, PYSEC-2025-192
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtgy-paaw-qkav
12
url VCID-m7ky-xnhx-4yh2
vulnerability_id VCID-m7ky-xnhx-4yh2
summary A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55558.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55558.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55558
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31169
published_at 2026-06-11T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31363
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55558
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55558
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55558
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:59:38Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116532
reference_id 1116532
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116532
5
reference_url https://github.com/pytorch/pytorch/issues/151523
reference_id 151523
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:59:38Z/
url https://github.com/pytorch/pytorch/issues/151523
6
reference_url https://github.com/pytorch/pytorch/pull/151887
reference_id 151887
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:59:38Z/
url https://github.com/pytorch/pytorch/pull/151887
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398201
reference_id 2398201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398201
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-5p5w-9up5-37gd
2
vulnerability VCID-q3dm-d63w-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases BIT-pytorch-2025-55558, CVE-2025-55558, PYSEC-2025-208
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ky-xnhx-4yh2
13
url VCID-p1wv-74nq-kfe7
vulnerability_id VCID-p1wv-74nq-kfe7
summary In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46148.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46148.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46148
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29096
published_at 2026-06-12T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.28894
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46148
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46148
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543
reference_id 1116543
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543
4
reference_url https://github.com/pytorch/pytorch/issues/151198
reference_id 151198
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/
url https://github.com/pytorch/pytorch/issues/151198
5
reference_url https://github.com/pytorch/pytorch/pull/152993
reference_id 152993
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/
url https://github.com/pytorch/pytorch/pull/152993
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398164
reference_id 2398164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398164
7
reference_url https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
reference_id 4bcefba4004f8271e64b5185c95a248a
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/
url https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
8
reference_url https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093
reference_id 65a587a579dfdff887b9b35bb79b9093
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/
url https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093
fixed_packages
0
url pkg:pypi/torch@2.7.0
purl pkg:pypi/torch@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-5p5w-9up5-37gd
2
vulnerability VCID-fg7m-epez-q3aq
3
vulnerability VCID-m7ky-xnhx-4yh2
4
vulnerability VCID-q3dm-d63w-8ke1
5
vulnerability VCID-qeu5-pq9f-s3a5
6
vulnerability VCID-t5p7-rh1r-7ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0
aliases BIT-pytorch-2025-46148, CVE-2025-46148, PYSEC-2025-198
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1wv-74nq-kfe7
14
url VCID-pk92-rz69-3yh2
vulnerability_id VCID-pk92-rz69-3yh2
summary A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2149
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16344
published_at 2026-06-11T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16489
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2149
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2149
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2149
2
reference_url https://github.com/advisories/GHSA-x3gm-94wq-g975
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
url https://github.com/advisories/GHSA-x3gm-94wq-g975
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-190.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-190.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2149
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2149
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102220
reference_id 1102220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102220
6
reference_url https://github.com/pytorch/pytorch/issues/147818
reference_id 147818
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/
url https://github.com/pytorch/pytorch/issues/147818
7
reference_url https://github.com/pytorch/pytorch/issues/147818#issue-2877301660
reference_id 147818#issue-2877301660
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/
url https://github.com/pytorch/pytorch/issues/147818#issue-2877301660
8
reference_url https://vuldb.com/?ctiid.299060
reference_id ?ctiid.299060
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/
url https://vuldb.com/?ctiid.299060
9
reference_url https://vuldb.com/?id.299060
reference_id ?id.299060
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/
url https://vuldb.com/?id.299060
10
reference_url https://vuldb.com/?submit.506563
reference_id ?submit.506563
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:N/I:P/A:N
1
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/
url https://vuldb.com/?submit.506563
fixed_packages
aliases BIT-pytorch-2025-2149, CVE-2025-2149, GHSA-x3gm-94wq-g975, PYSEC-2025-190
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pk92-rz69-3yh2
15
url VCID-q3dm-d63w-8ke1
vulnerability_id VCID-q3dm-d63w-8ke1
summary pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55552.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55552.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55552
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.3504
published_at 2026-06-11T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35218
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55552
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55552
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55552
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:31:03Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536
reference_id 1116536
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536
5
reference_url https://github.com/pytorch/pytorch/issues/147847
reference_id 147847
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:31:03Z/
url https://github.com/pytorch/pytorch/issues/147847
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398192
reference_id 2398192
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398192
fixed_packages
0
url pkg:pypi/torch@2.9.0
purl pkg:pypi/torch@2.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0
aliases BIT-pytorch-2025-55552, CVE-2025-55552, PYSEC-2025-204
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3dm-d63w-8ke1
16
url VCID-qeu5-pq9f-s3a5
vulnerability_id VCID-qeu5-pq9f-s3a5
summary A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55553.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55553.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55553
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22084
published_at 2026-06-11T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22275
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55553
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55553
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55553
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:28:46Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116535
reference_id 1116535
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116535
5
reference_url https://github.com/pytorch/pytorch/issues/151432
reference_id 151432
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:28:46Z/
url https://github.com/pytorch/pytorch/issues/151432
6
reference_url https://github.com/pytorch/pytorch/pull/154645
reference_id 154645
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:28:46Z/
url https://github.com/pytorch/pytorch/pull/154645
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398193
reference_id 2398193
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398193
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-5p5w-9up5-37gd
2
vulnerability VCID-q3dm-d63w-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases BIT-pytorch-2025-55553, CVE-2025-55553, PYSEC-2025-205
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qeu5-pq9f-s3a5
17
url VCID-t5p7-rh1r-7ufc
vulnerability_id VCID-t5p7-rh1r-7ufc
summary A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55557.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55557.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55557
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22084
published_at 2026-06-11T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22275
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55557
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55557
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55557
3
reference_url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
reference_id 0e7d2a586297ae9c8ed14d8706749efc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T16:13:29Z/
url https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116533
reference_id 1116533
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116533
5
reference_url https://github.com/pytorch/pytorch/issues/151738
reference_id 151738
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T16:13:29Z/
url https://github.com/pytorch/pytorch/issues/151738
6
reference_url https://github.com/pytorch/pytorch/pull/151931
reference_id 151931
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T16:13:29Z/
url https://github.com/pytorch/pytorch/pull/151931
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398190
reference_id 2398190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398190
fixed_packages
0
url pkg:pypi/torch@2.7.1
purl pkg:pypi/torch@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-5p5w-9up5-37gd
2
vulnerability VCID-q3dm-d63w-8ke1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1
aliases BIT-pytorch-2025-55557, CVE-2025-55557, PYSEC-2025-207
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5p7-rh1r-7ufc
18
url VCID-tjfz-6fbh-kfcw
vulnerability_id VCID-tjfz-6fbh-kfcw
summary In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48063
reference_id
reference_type
scores
0
value 0.25104
scoring_system epss
scoring_elements 0.96315
published_at 2026-06-12T12:55:00Z
1
value 0.25104
scoring_system epss
scoring_elements 0.96304
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48063
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48063
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48063
2
reference_url https://github.com/pytorch/pytorch/issues/129228
reference_id 129228
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T17:19:08Z/
url https://github.com/pytorch/pytorch/issues/129228
3
reference_url https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065
reference_id c046c066895a963ecc0a2cf9e1180065
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T17:19:08Z/
url https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065
4
reference_url https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
reference_id Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T17:19:08Z/
url https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
5
reference_url https://github.com/pytorch/pytorch/security/policy#using-distributed-features
reference_id policy#using-distributed-features
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T17:19:08Z/
url https://github.com/pytorch/pytorch/security/policy#using-distributed-features
fixed_packages
0
url pkg:pypi/torch@2.5.0
purl pkg:pypi/torch@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-58ck-y4af-53b7
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-epa6-xw1j-4uch
5
vulnerability VCID-fg7m-epez-q3aq
6
vulnerability VCID-fqj6-hqe7-qyhp
7
vulnerability VCID-gtgy-paaw-qkav
8
vulnerability VCID-m7ky-xnhx-4yh2
9
vulnerability VCID-p1wv-74nq-kfe7
10
vulnerability VCID-pk92-rz69-3yh2
11
vulnerability VCID-q3dm-d63w-8ke1
12
vulnerability VCID-qeu5-pq9f-s3a5
13
vulnerability VCID-t5p7-rh1r-7ufc
14
vulnerability VCID-v1ar-89wu-jbd8
15
vulnerability VCID-ysp6-geeh-zuaz
16
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.5.0
aliases BIT-pytorch-2024-48063, CVE-2024-48063, PYSEC-2024-259
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjfz-6fbh-kfcw
19
url VCID-v1ar-89wu-jbd8
vulnerability_id VCID-v1ar-89wu-jbd8
summary A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2953.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2953
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.1865
published_at 2026-06-12T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18488
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2953
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2953
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2953
3
reference_url https://github.com/advisories/GHSA-3749-ghw9-m3mg
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/advisories/GHSA-3749-ghw9-m3mg
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-191.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-191.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2953
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2953
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102229
reference_id 1102229
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102229
7
reference_url https://github.com/pytorch/pytorch/issues/149274
reference_id 149274
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/
url https://github.com/pytorch/pytorch/issues/149274
8
reference_url https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
reference_id 149274#issue-2923122269
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/
url https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2356078
reference_id 2356078
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2356078
10
reference_url https://vuldb.com/?ctiid.302006
reference_id ?ctiid.302006
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/
url https://vuldb.com/?ctiid.302006
11
reference_url https://vuldb.com/?id.302006
reference_id ?id.302006
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/
url https://vuldb.com/?id.302006
12
reference_url https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
reference_id SECURITY.md#untrusted-models
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/
url https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
13
reference_url https://vuldb.com/?submit.521279
reference_id ?submit.521279
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/
url https://vuldb.com/?submit.521279
fixed_packages
0
url pkg:pypi/torch@2.7.1rc1
purl pkg:pypi/torch@2.7.1rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1rc1
aliases BIT-pytorch-2025-2953, CVE-2025-2953, GHSA-3749-ghw9-m3mg, PYSEC-2025-191
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1ar-89wu-jbd8
20
url VCID-ysp6-geeh-zuaz
vulnerability_id VCID-ysp6-geeh-zuaz
summary A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3000
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.2392
published_at 2026-06-11T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.24118
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3000
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3000
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3000
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-194.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-194.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3000
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3000
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102232
reference_id 1102232
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102232
5
reference_url https://github.com/pytorch/pytorch/issues/149623
reference_id 149623
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/
url https://github.com/pytorch/pytorch/issues/149623
6
reference_url https://github.com/pytorch/pytorch/issues/149623#issue-2935703015
reference_id 149623#issue-2935703015
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/
url https://github.com/pytorch/pytorch/issues/149623#issue-2935703015
7
reference_url https://vuldb.com/?ctiid.302049
reference_id ?ctiid.302049
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/
url https://vuldb.com/?ctiid.302049
8
reference_url https://github.com/advisories/GHSA-rrmf-rvhw-rf47
reference_id GHSA-rrmf-rvhw-rf47
reference_type
scores
url https://github.com/advisories/GHSA-rrmf-rvhw-rf47
9
reference_url https://vuldb.com/?id.302049
reference_id ?id.302049
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/
url https://vuldb.com/?id.302049
10
reference_url https://vuldb.com/?submit.524197
reference_id ?submit.524197
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/
url https://vuldb.com/?submit.524197
fixed_packages
aliases BIT-pytorch-2025-3000, CVE-2025-3000, GHSA-rrmf-rvhw-rf47, PYSEC-2025-194
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysp6-geeh-zuaz
21
url VCID-yzun-1n7z-j3fk
vulnerability_id VCID-yzun-1n7z-j3fk
summary In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45907
reference_id
reference_type
scores
0
value 0.00829
scoring_system epss
scoring_elements 0.75036
published_at 2026-06-12T12:55:00Z
1
value 0.00829
scoring_system epss
scoring_elements 0.74966
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45907
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45907
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2022-43015.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2022-43015.yaml
3
reference_url https://github.com/pytorch/pytorch/issues/89855
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/issues/89855
4
reference_url https://github.com/pytorch/pytorch/pull/89189
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/pull/89189
5
reference_url https://github.com/pytorch/pytorch/releases/tag/v1.13.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/releases/tag/v1.13.1
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024903
reference_id 1024903
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024903
7
reference_url https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
reference_id 767f6aa49fe20a2766b9843d01e3b7f7793df6a3
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T19:15:34Z/
url https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
8
reference_url https://github.com/pytorch/pytorch/issues/88868
reference_id 88868
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T19:15:34Z/
url https://github.com/pytorch/pytorch/issues/88868
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45907
reference_id CVE-2022-45907
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45907
10
reference_url https://github.com/advisories/GHSA-47fc-vmwq-366v
reference_id GHSA-47fc-vmwq-366v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47fc-vmwq-366v
fixed_packages
0
url pkg:pypi/torch@1.13.1
purl pkg:pypi/torch@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cm1-gyvh-z3c7
1
vulnerability VCID-3q35-68xe-eber
2
vulnerability VCID-58ck-y4af-53b7
3
vulnerability VCID-5p5w-9up5-37gd
4
vulnerability VCID-8wcg-hkkw-17g7
5
vulnerability VCID-9wbp-zmk4-cqfh
6
vulnerability VCID-dpnb-1ke6-ebca
7
vulnerability VCID-epa6-xw1j-4uch
8
vulnerability VCID-f868-nurd-ykaa
9
vulnerability VCID-fg7m-epez-q3aq
10
vulnerability VCID-fqj6-hqe7-qyhp
11
vulnerability VCID-gtgy-paaw-qkav
12
vulnerability VCID-m7ky-xnhx-4yh2
13
vulnerability VCID-p1wv-74nq-kfe7
14
vulnerability VCID-pk92-rz69-3yh2
15
vulnerability VCID-q3dm-d63w-8ke1
16
vulnerability VCID-qeu5-pq9f-s3a5
17
vulnerability VCID-t5p7-rh1r-7ufc
18
vulnerability VCID-tjfz-6fbh-kfcw
19
vulnerability VCID-v1ar-89wu-jbd8
20
vulnerability VCID-ysp6-geeh-zuaz
21
vulnerability VCID-zqwz-tjqc-wff3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.13.1
aliases BIT-pytorch-2022-45907, CVE-2022-45907, GHSA-47fc-vmwq-366v, PYSEC-2022-43015
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzun-1n7z-j3fk
22
url VCID-zqwz-tjqc-wff3
vulnerability_id VCID-zqwz-tjqc-wff3
summary A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2148
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24586
published_at 2026-06-12T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24392
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2148
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2148
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2148
2
reference_url https://github.com/advisories/GHSA-c678-jfcj-6jmf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/advisories/GHSA-c678-jfcj-6jmf
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-189.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-189.yaml
4
reference_url https://github.com/pytorch/pytorch/blob/b0a67c7495bb11ecb23e556058db059ba48354af/torch/autograd/profiler.py#L990
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pytorch/pytorch/blob/b0a67c7495bb11ecb23e556058db059ba48354af/torch/autograd/profiler.py#L990
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2148
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2148
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102219
reference_id 1102219
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102219
7
reference_url https://github.com/pytorch/pytorch/issues/147722
reference_id 147722
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
1
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
4
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/
url https://github.com/pytorch/pytorch/issues/147722
8
reference_url https://vuldb.com/?ctiid.299059
reference_id ?ctiid.299059
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
1
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
4
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/
url https://vuldb.com/?ctiid.299059
9
reference_url https://vuldb.com/?id.299059
reference_id ?id.299059
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
1
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
4
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/
url https://vuldb.com/?id.299059
10
reference_url https://vuldb.com/?submit.505959
reference_id ?submit.505959
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
1
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
4
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/
url https://vuldb.com/?submit.505959
fixed_packages
aliases BIT-pytorch-2025-2148, CVE-2025-2148, GHSA-c678-jfcj-6jmf, PYSEC-2025-189
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqwz-tjqc-wff3
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/torch@1.10.2