{"url":"http://public2.vulnerablecode.io/api/packages/87461?format=json","purl":"pkg:pypi/torch@2.6.0","type":"pypi","namespace":"","name":"torch","version":"2.6.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.9.0","latest_non_vulnerable_version":"2.10.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121447?format=json","vulnerability_id":"VCID-2cm1-gyvh-z3c7","summary":"An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55551.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55551.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55551","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30647","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30445","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30641","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30661","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55551"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:35:41Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116537","reference_id":"1116537","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116537"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151401","reference_id":"151401","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:35:41Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398186","reference_id":"2398186","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89099?format=json","purl":"pkg:pypi/torch@2.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0"}],"aliases":["BIT-pytorch-2025-55551","CVE-2025-55551","PYSEC-2025-203"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2cm1-gyvh-z3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127678?format=json","vulnerability_id":"VCID-3q35-68xe-eber","summary":"A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3730","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04415","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04418","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04434","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3730"},{"reference_url":"https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3730","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3730"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103455","reference_id":"1103455","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103455"},{"reference_url":"https://github.com/pytorch/pytorch/issues/150835","reference_id":"150835","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://github.com/pytorch/pytorch/issues/150835"},{"reference_url":"https://github.com/pytorch/pytorch/issues/150835#issue-2979082232","reference_id":"150835#issue-2979082232","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://github.com/pytorch/pytorch/issues/150835#issue-2979082232"},{"reference_url":"https://github.com/pytorch/pytorch/pull/150981","reference_id":"150981","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://github.com/pytorch/pytorch/pull/150981"},{"reference_url":"https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567","reference_id":"46fc5d8e360127361211cb237d5f9eef0223e567","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567"},{"reference_url":"https://vuldb.com/?ctiid.305076","reference_id":"?ctiid.305076","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://vuldb.com/?ctiid.305076"},{"reference_url":"https://github.com/advisories/GHSA-887c-mr87-cxwp","reference_id":"GHSA-887c-mr87-cxwp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-887c-mr87-cxwp"},{"reference_url":"https://vuldb.com/?id.305076","reference_id":"?id.305076","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://vuldb.com/?id.305076"},{"reference_url":"https://vuldb.com/?submit.553645","reference_id":"?submit.553645","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:30:13Z/"}],"url":"https://vuldb.com/?submit.553645"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89098?format=json","purl":"pkg:pypi/torch@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-q3dm-d63w-8ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.8.0"}],"aliases":["CVE-2025-3730","GHSA-887c-mr87-cxwp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q35-68xe-eber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97560?format=json","vulnerability_id":"VCID-463b-5yr4-y3ag","summary":"In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46149.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46149.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46149","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11177","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.112","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11234","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11243","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46149"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116541","reference_id":"1116541","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116541"},{"reference_url":"https://github.com/pytorch/pytorch/issues/147848","reference_id":"147848","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:43:14Z/"}],"url":"https://github.com/pytorch/pytorch/issues/147848"},{"reference_url":"https://github.com/pytorch/pytorch/pull/147961","reference_id":"147961","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:43:14Z/"}],"url":"https://github.com/pytorch/pytorch/pull/147961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398169","reference_id":"2398169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398169"},{"reference_url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a","reference_id":"4bcefba4004f8271e64b5185c95a248a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:43:14Z/"}],"url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89096?format=json","purl":"pkg:pypi/torch@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-fg7m-epez-q3aq"},{"vulnerability":"VCID-m7ky-xnhx-4yh2"},{"vulnerability":"VCID-q3dm-d63w-8ke1"},{"vulnerability":"VCID-qeu5-pq9f-s3a5"},{"vulnerability":"VCID-t5p7-rh1r-7ufc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0"}],"aliases":["BIT-pytorch-2025-46149","CVE-2025-46149","PYSEC-2025-199"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-463b-5yr4-y3ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121574?format=json","vulnerability_id":"VCID-5p5w-9up5-37gd","summary":"pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55554.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55554.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55554","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24029","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23845","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24043","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24051","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55554"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:56:23Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116534","reference_id":"1116534","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116534"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151510","reference_id":"151510","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:56:23Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398196","reference_id":"2398196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398196"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89099?format=json","purl":"pkg:pypi/torch@2.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0"}],"aliases":["BIT-pytorch-2025-55554","CVE-2025-55554","PYSEC-2025-206"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5w-9up5-37gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97284?format=json","vulnerability_id":"VCID-ecfu-68uk-vfcn","summary":"In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46150.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46150","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28894","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29102","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29115","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29096","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46150"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116540","reference_id":"1116540","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116540"},{"reference_url":"https://github.com/pytorch/pytorch/issues/141538","reference_id":"141538","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:39:57Z/"}],"url":"https://github.com/pytorch/pytorch/issues/141538"},{"reference_url":"https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658","reference_id":"141538#issuecomment-2537424658","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:39:57Z/"}],"url":"https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658"},{"reference_url":"https://github.com/pytorch/pytorch/pull/144395","reference_id":"144395","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:39:57Z/"}],"url":"https://github.com/pytorch/pytorch/pull/144395"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398170","reference_id":"2398170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398170"},{"reference_url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a","reference_id":"4bcefba4004f8271e64b5185c95a248a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:39:57Z/"}],"url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89096?format=json","purl":"pkg:pypi/torch@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-fg7m-epez-q3aq"},{"vulnerability":"VCID-m7ky-xnhx-4yh2"},{"vulnerability":"VCID-q3dm-d63w-8ke1"},{"vulnerability":"VCID-qeu5-pq9f-s3a5"},{"vulnerability":"VCID-t5p7-rh1r-7ufc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0"}],"aliases":["BIT-pytorch-2025-46150","CVE-2025-46150","PYSEC-2025-200"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecfu-68uk-vfcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/125930?format=json","vulnerability_id":"VCID-epa6-xw1j-4uch","summary":"A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2999","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31156","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31348","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31367","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31349","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2999"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-193.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-193.yaml"},{"reference_url":"https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2999","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2999"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102231","reference_id":"1102231","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102231"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149622","reference_id":"149622","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149622"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149622#issue-2935495265","reference_id":"149622#issue-2935495265","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149622#issue-2935495265"},{"reference_url":"https://vuldb.com/?ctiid.302048","reference_id":"?ctiid.302048","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/"}],"url":"https://vuldb.com/?ctiid.302048"},{"reference_url":"https://github.com/advisories/GHSA-vgrw-7cvw-pwgx","reference_id":"GHSA-vgrw-7cvw-pwgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vgrw-7cvw-pwgx"},{"reference_url":"https://vuldb.com/?id.302048","reference_id":"?id.302048","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/"}],"url":"https://vuldb.com/?id.302048"},{"reference_url":"https://vuldb.com/?submit.524198","reference_id":"?submit.524198","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:04:36Z/"}],"url":"https://vuldb.com/?submit.524198"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377985?format=json","purl":"pkg:pypi/torch@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.1"}],"aliases":["BIT-pytorch-2025-2999","CVE-2025-2999","GHSA-vgrw-7cvw-pwgx","PYSEC-2025-193"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epa6-xw1j-4uch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121633?format=json","vulnerability_id":"VCID-fg7m-epez-q3aq","summary":"An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55560.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55560.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55560","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37847","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38038","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3805","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38024","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55560"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:33:24Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116531","reference_id":"1116531","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116531"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151522","reference_id":"151522","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:33:24Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151522"},{"reference_url":"https://github.com/pytorch/pytorch/pull/151897","reference_id":"151897","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:33:24Z/"}],"url":"https://github.com/pytorch/pytorch/pull/151897"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398211","reference_id":"2398211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398211"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89097?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-3q35-68xe-eber"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-q3dm-d63w-8ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["BIT-pytorch-2025-55560","CVE-2025-55560","PYSEC-2025-209"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fg7m-epez-q3aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126913?format=json","vulnerability_id":"VCID-fqj6-hqe7-qyhp","summary":"A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3001","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35487","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35302","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35504","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35481","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3001"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-195.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-195.yaml"},{"reference_url":"https://github.com/pytorch/pytorch/commit/999d94b5ede5f4ec111ba7dd144129e2c2725b03","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/commit/999d94b5ede5f4ec111ba7dd144129e2c2725b03"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3001","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102233","reference_id":"1102233","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102233"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149626","reference_id":"149626","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149626"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149626#issue-2935860995","reference_id":"149626#issue-2935860995","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149626#issue-2935860995"},{"reference_url":"https://vuldb.com/?ctiid.302050","reference_id":"?ctiid.302050","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/"}],"url":"https://vuldb.com/?ctiid.302050"},{"reference_url":"https://github.com/advisories/GHSA-qfhq-4f3w-5fph","reference_id":"GHSA-qfhq-4f3w-5fph","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qfhq-4f3w-5fph"},{"reference_url":"https://vuldb.com/?id.302050","reference_id":"?id.302050","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/"}],"url":"https://vuldb.com/?id.302050"},{"reference_url":"https://vuldb.com/?submit.524212","reference_id":"?submit.524212","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:13:57Z/"}],"url":"https://vuldb.com/?submit.524212"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378149?format=json","purl":"pkg:pypi/torch@2.10.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.10.0"}],"aliases":["BIT-pytorch-2025-3001","CVE-2025-3001","GHSA-qfhq-4f3w-5fph","PYSEC-2025-195"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqj6-hqe7-qyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126091?format=json","vulnerability_id":"VCID-gtgy-paaw-qkav","summary":"A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2998","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31349","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31156","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31348","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31367","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2998"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2998","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2998"},{"reference_url":"https://github.com/advisories/GHSA-f4hp-rmr7-r7v8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}],"url":"https://github.com/advisories/GHSA-f4hp-rmr7-r7v8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-192.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-192.yaml"},{"reference_url":"https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2998","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2998"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102230","reference_id":"1102230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102230"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149622","reference_id":"149622","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149622"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149622#issue-2935495265","reference_id":"149622#issue-2935495265","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149622#issue-2935495265"},{"reference_url":"https://vuldb.com/?ctiid.302047","reference_id":"?ctiid.302047","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/"}],"url":"https://vuldb.com/?ctiid.302047"},{"reference_url":"https://vuldb.com/?id.302047","reference_id":"?id.302047","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/"}],"url":"https://vuldb.com/?id.302047"},{"reference_url":"https://vuldb.com/?submit.524151","reference_id":"?submit.524151","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T15:27:13Z/"}],"url":"https://vuldb.com/?submit.524151"}],"fixed_packages":[],"aliases":["BIT-pytorch-2025-2998","CVE-2025-2998","GHSA-f4hp-rmr7-r7v8","PYSEC-2025-192"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtgy-paaw-qkav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121598?format=json","vulnerability_id":"VCID-m7ky-xnhx-4yh2","summary":"A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55558.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55558","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31169","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31362","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31381","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31363","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55558"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:59:38Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116532","reference_id":"1116532","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116532"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151523","reference_id":"151523","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:59:38Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151523"},{"reference_url":"https://github.com/pytorch/pytorch/pull/151887","reference_id":"151887","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T19:59:38Z/"}],"url":"https://github.com/pytorch/pytorch/pull/151887"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398201","reference_id":"2398201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398201"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89097?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-3q35-68xe-eber"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-q3dm-d63w-8ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["BIT-pytorch-2025-55558","CVE-2025-55558","PYSEC-2025-208"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ky-xnhx-4yh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97096?format=json","vulnerability_id":"VCID-p1wv-74nq-kfe7","summary":"In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46148.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46148.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46148","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28894","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29102","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29115","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29096","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46148"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46148","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46148"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543","reference_id":"1116543","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116543"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151198","reference_id":"151198","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151198"},{"reference_url":"https://github.com/pytorch/pytorch/pull/152993","reference_id":"152993","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/"}],"url":"https://github.com/pytorch/pytorch/pull/152993"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398164","reference_id":"2398164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398164"},{"reference_url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a","reference_id":"4bcefba4004f8271e64b5185c95a248a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/"}],"url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"},{"reference_url":"https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093","reference_id":"65a587a579dfdff887b9b35bb79b9093","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:46:23Z/"}],"url":"https://gist.github.com/shaoyuyoung/65a587a579dfdff887b9b35bb79b9093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89096?format=json","purl":"pkg:pypi/torch@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-fg7m-epez-q3aq"},{"vulnerability":"VCID-m7ky-xnhx-4yh2"},{"vulnerability":"VCID-q3dm-d63w-8ke1"},{"vulnerability":"VCID-qeu5-pq9f-s3a5"},{"vulnerability":"VCID-t5p7-rh1r-7ufc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0"}],"aliases":["BIT-pytorch-2025-46148","CVE-2025-46148","PYSEC-2025-198"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1wv-74nq-kfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126297?format=json","vulnerability_id":"VCID-pk92-rz69-3yh2","summary":"A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2149","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16344","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16489","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16472","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2149"},{"reference_url":"https://github.com/advisories/GHSA-x3gm-94wq-g975","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}],"url":"https://github.com/advisories/GHSA-x3gm-94wq-g975"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-190.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-190.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2149","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2149"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102220","reference_id":"1102220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102220"},{"reference_url":"https://github.com/pytorch/pytorch/issues/147818","reference_id":"147818","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:P/A:N"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/"}],"url":"https://github.com/pytorch/pytorch/issues/147818"},{"reference_url":"https://github.com/pytorch/pytorch/issues/147818#issue-2877301660","reference_id":"147818#issue-2877301660","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:P/A:N"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/"}],"url":"https://github.com/pytorch/pytorch/issues/147818#issue-2877301660"},{"reference_url":"https://vuldb.com/?ctiid.299060","reference_id":"?ctiid.299060","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:P/A:N"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/"}],"url":"https://vuldb.com/?ctiid.299060"},{"reference_url":"https://vuldb.com/?id.299060","reference_id":"?id.299060","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:P/A:N"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/"}],"url":"https://vuldb.com/?id.299060"},{"reference_url":"https://vuldb.com/?submit.506563","reference_id":"?submit.506563","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:P/A:N"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:08:09Z/"}],"url":"https://vuldb.com/?submit.506563"}],"fixed_packages":[],"aliases":["BIT-pytorch-2025-2149","CVE-2025-2149","GHSA-x3gm-94wq-g975","PYSEC-2025-190"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pk92-rz69-3yh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121326?format=json","vulnerability_id":"VCID-q3dm-d63w-8ke1","summary":"pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55552.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55552.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55552","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35219","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35218","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35242","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3504","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55552"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:31:03Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536","reference_id":"1116536","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116536"},{"reference_url":"https://github.com/pytorch/pytorch/issues/147847","reference_id":"147847","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:31:03Z/"}],"url":"https://github.com/pytorch/pytorch/issues/147847"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398192","reference_id":"2398192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89099?format=json","purl":"pkg:pypi/torch@2.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.9.0"}],"aliases":["BIT-pytorch-2025-55552","CVE-2025-55552","PYSEC-2025-204"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3dm-d63w-8ke1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121572?format=json","vulnerability_id":"VCID-qeu5-pq9f-s3a5","summary":"A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55553.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55553.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55553","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22084","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22265","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22287","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22275","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55553"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:28:46Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116535","reference_id":"1116535","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116535"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151432","reference_id":"151432","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:28:46Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151432"},{"reference_url":"https://github.com/pytorch/pytorch/pull/154645","reference_id":"154645","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T17:28:46Z/"}],"url":"https://github.com/pytorch/pytorch/pull/154645"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398193","reference_id":"2398193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89097?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-3q35-68xe-eber"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-q3dm-d63w-8ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["BIT-pytorch-2025-55553","CVE-2025-55553","PYSEC-2025-205"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeu5-pq9f-s3a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121366?format=json","vulnerability_id":"VCID-t5p7-rh1r-7ufc","summary":"A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55557.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55557.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55557","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22084","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22265","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22287","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22275","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55557"},{"reference_url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc","reference_id":"0e7d2a586297ae9c8ed14d8706749efc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T16:13:29Z/"}],"url":"https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116533","reference_id":"1116533","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116533"},{"reference_url":"https://github.com/pytorch/pytorch/issues/151738","reference_id":"151738","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T16:13:29Z/"}],"url":"https://github.com/pytorch/pytorch/issues/151738"},{"reference_url":"https://github.com/pytorch/pytorch/pull/151931","reference_id":"151931","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-29T16:13:29Z/"}],"url":"https://github.com/pytorch/pytorch/pull/151931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398190","reference_id":"2398190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89097?format=json","purl":"pkg:pypi/torch@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-3q35-68xe-eber"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-q3dm-d63w-8ke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1"}],"aliases":["BIT-pytorch-2025-55557","CVE-2025-55557","PYSEC-2025-207"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5p7-rh1r-7ufc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126422?format=json","vulnerability_id":"VCID-v1ar-89wu-jbd8","summary":"A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2953.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2953.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2953","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18645","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18668","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1865","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18488","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2953"},{"reference_url":"https://github.com/advisories/GHSA-3749-ghw9-m3mg","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3749-ghw9-m3mg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-191.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-191.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2953","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2953"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102229","reference_id":"1102229","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102229"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149274","reference_id":"149274","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149274"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149274#issue-2923122269","reference_id":"149274#issue-2923122269","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149274#issue-2923122269"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356078","reference_id":"2356078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356078"},{"reference_url":"https://vuldb.com/?ctiid.302006","reference_id":"?ctiid.302006","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/"}],"url":"https://vuldb.com/?ctiid.302006"},{"reference_url":"https://vuldb.com/?id.302006","reference_id":"?id.302006","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/"}],"url":"https://vuldb.com/?id.302006"},{"reference_url":"https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models","reference_id":"SECURITY.md#untrusted-models","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/"}],"url":"https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models"},{"reference_url":"https://vuldb.com/?submit.521279","reference_id":"?submit.521279","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:06:10Z/"}],"url":"https://vuldb.com/?submit.521279"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378171?format=json","purl":"pkg:pypi/torch@2.7.1rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.1rc1"}],"aliases":["BIT-pytorch-2025-2953","CVE-2025-2953","GHSA-3749-ghw9-m3mg","PYSEC-2025-191"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1ar-89wu-jbd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97588?format=json","vulnerability_id":"VCID-vnkh-7d4b-rkab","summary":"In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the \"other\" argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46152.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46152","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29698","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29911","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29895","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46152"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116539","reference_id":"1116539","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116539"},{"reference_url":"https://github.com/pytorch/pytorch/issues/143555","reference_id":"143555","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:36:49Z/"}],"url":"https://github.com/pytorch/pytorch/issues/143555"},{"reference_url":"https://github.com/pytorch/pytorch/pull/143635","reference_id":"143635","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:36:49Z/"}],"url":"https://github.com/pytorch/pytorch/pull/143635"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398185","reference_id":"2398185","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398185"},{"reference_url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a","reference_id":"4bcefba4004f8271e64b5185c95a248a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:36:49Z/"}],"url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89096?format=json","purl":"pkg:pypi/torch@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-fg7m-epez-q3aq"},{"vulnerability":"VCID-m7ky-xnhx-4yh2"},{"vulnerability":"VCID-q3dm-d63w-8ke1"},{"vulnerability":"VCID-qeu5-pq9f-s3a5"},{"vulnerability":"VCID-t5p7-rh1r-7ufc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0"}],"aliases":["BIT-pytorch-2025-46152","CVE-2025-46152","PYSEC-2025-201"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnkh-7d4b-rkab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97587?format=json","vulnerability_id":"VCID-w8fa-1ev2-53ae","summary":"PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46153.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46153","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34409","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3459","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34611","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34586","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46153"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116538","reference_id":"1116538","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116538"},{"reference_url":"https://github.com/pytorch/pytorch/issues/142853","reference_id":"142853","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:30:09Z/"}],"url":"https://github.com/pytorch/pytorch/issues/142853"},{"reference_url":"https://github.com/pytorch/pytorch/pull/143460","reference_id":"143460","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:30:09Z/"}],"url":"https://github.com/pytorch/pytorch/pull/143460"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398183","reference_id":"2398183","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398183"},{"reference_url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a","reference_id":"4bcefba4004f8271e64b5185c95a248a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:30:09Z/"}],"url":"https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"},{"reference_url":"https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a","reference_id":"e636f2e7a306105b7e96809e2b85c28a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:30:09Z/"}],"url":"https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a"},{"reference_url":"https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0","reference_id":"v2.6.0...v2.7.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-25T18:30:09Z/"}],"url":"https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89096?format=json","purl":"pkg:pypi/torch@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-fg7m-epez-q3aq"},{"vulnerability":"VCID-m7ky-xnhx-4yh2"},{"vulnerability":"VCID-q3dm-d63w-8ke1"},{"vulnerability":"VCID-qeu5-pq9f-s3a5"},{"vulnerability":"VCID-t5p7-rh1r-7ufc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.7.0"}],"aliases":["BIT-pytorch-2025-46153","CVE-2025-46153","PYSEC-2025-202"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8fa-1ev2-53ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127541?format=json","vulnerability_id":"VCID-ysp6-geeh-zuaz","summary":"A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3000","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2392","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24104","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24126","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24118","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3000"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-194.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-194.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3000","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3000"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102232","reference_id":"1102232","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102232"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149623","reference_id":"149623","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149623"},{"reference_url":"https://github.com/pytorch/pytorch/issues/149623#issue-2935703015","reference_id":"149623#issue-2935703015","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/"}],"url":"https://github.com/pytorch/pytorch/issues/149623#issue-2935703015"},{"reference_url":"https://vuldb.com/?ctiid.302049","reference_id":"?ctiid.302049","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/"}],"url":"https://vuldb.com/?ctiid.302049"},{"reference_url":"https://github.com/advisories/GHSA-rrmf-rvhw-rf47","reference_id":"GHSA-rrmf-rvhw-rf47","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrmf-rvhw-rf47"},{"reference_url":"https://vuldb.com/?id.302049","reference_id":"?id.302049","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/"}],"url":"https://vuldb.com/?id.302049"},{"reference_url":"https://vuldb.com/?submit.524197","reference_id":"?submit.524197","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T18:55:47Z/"}],"url":"https://vuldb.com/?submit.524197"}],"fixed_packages":[],"aliases":["BIT-pytorch-2025-3000","CVE-2025-3000","GHSA-rrmf-rvhw-rf47","PYSEC-2025-194"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysp6-geeh-zuaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126733?format=json","vulnerability_id":"VCID-zqwz-tjqc-wff3","summary":"A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2148","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24392","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24582","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24597","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24586","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2148"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2148","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2148"},{"reference_url":"https://github.com/advisories/GHSA-c678-jfcj-6jmf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c678-jfcj-6jmf"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-189.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-189.yaml"},{"reference_url":"https://github.com/pytorch/pytorch/blob/b0a67c7495bb11ecb23e556058db059ba48354af/torch/autograd/profiler.py#L990","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/blob/b0a67c7495bb11ecb23e556058db059ba48354af/torch/autograd/profiler.py#L990"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2148","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2148"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102219","reference_id":"1102219","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102219"},{"reference_url":"https://github.com/pytorch/pytorch/issues/147722","reference_id":"147722","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/"}],"url":"https://github.com/pytorch/pytorch/issues/147722"},{"reference_url":"https://vuldb.com/?ctiid.299059","reference_id":"?ctiid.299059","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/"}],"url":"https://vuldb.com/?ctiid.299059"},{"reference_url":"https://vuldb.com/?id.299059","reference_id":"?id.299059","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/"}],"url":"https://vuldb.com/?id.299059"},{"reference_url":"https://vuldb.com/?submit.505959","reference_id":"?submit.505959","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:10:27Z/"}],"url":"https://vuldb.com/?submit.505959"}],"fixed_packages":[],"aliases":["BIT-pytorch-2025-2148","CVE-2025-2148","GHSA-c678-jfcj-6jmf","PYSEC-2025-189"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqwz-tjqc-wff3"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114798?format=json","vulnerability_id":"VCID-58ck-y4af-53b7","summary":"PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32434","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63084","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63092","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62982","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63096","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32434"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml"},{"reference_url":"https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32434","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32434"},{"reference_url":"https://github.com/advisories/GHSA-53q9-r3pm-6pq6","reference_id":"GHSA-53q9-r3pm-6pq6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53q9-r3pm-6pq6"},{"reference_url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6","reference_id":"GHSA-53q9-r3pm-6pq6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-18T16:06:40Z/"}],"url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87461?format=json","purl":"pkg:pypi/torch@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cm1-gyvh-z3c7"},{"vulnerability":"VCID-3q35-68xe-eber"},{"vulnerability":"VCID-463b-5yr4-y3ag"},{"vulnerability":"VCID-5p5w-9up5-37gd"},{"vulnerability":"VCID-ecfu-68uk-vfcn"},{"vulnerability":"VCID-epa6-xw1j-4uch"},{"vulnerability":"VCID-fg7m-epez-q3aq"},{"vulnerability":"VCID-fqj6-hqe7-qyhp"},{"vulnerability":"VCID-gtgy-paaw-qkav"},{"vulnerability":"VCID-m7ky-xnhx-4yh2"},{"vulnerability":"VCID-p1wv-74nq-kfe7"},{"vulnerability":"VCID-pk92-rz69-3yh2"},{"vulnerability":"VCID-q3dm-d63w-8ke1"},{"vulnerability":"VCID-qeu5-pq9f-s3a5"},{"vulnerability":"VCID-t5p7-rh1r-7ufc"},{"vulnerability":"VCID-v1ar-89wu-jbd8"},{"vulnerability":"VCID-vnkh-7d4b-rkab"},{"vulnerability":"VCID-w8fa-1ev2-53ae"},{"vulnerability":"VCID-ysp6-geeh-zuaz"},{"vulnerability":"VCID-zqwz-tjqc-wff3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.6.0"}],"aliases":["BIT-pytorch-2025-32434","CVE-2025-32434","GHSA-53q9-r3pm-6pq6","PYSEC-2025-41"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58ck-y4af-53b7"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/torch@2.6.0"}