{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71244?format=json","vulnerability_id":"VCID-h59a-wm58-qfdp","summary":"The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and the checkpoint loading code in eval.py use torch.load() without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a maliciously crafted checkpoint file. When a victim loads this checkpoint during model warmstarting or evaluation, arbitrary code is executed on the victim's system.","aliases":[{"alias":"CVE-2026-31253"},{"alias":"GHSA-7g5w-pq96-8c5w"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068231?format=json","purl":"pkg:pypi/flash-attn@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068232?format=json","purl":"pkg:pypi/flash-attn@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068233?format=json","purl":"pkg:pypi/flash-attn@0.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068234?format=json","purl":"pkg:pypi/flash-attn@0.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068235?format=json","purl":"pkg:pypi/flash-attn@0.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068236?format=json","purl":"pkg:pypi/flash-attn@0.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068237?format=json","purl":"pkg:pypi/flash-attn@0.2.6.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.6.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068238?format=json","purl":"pkg:pypi/flash-attn@0.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068239?format=json","purl":"pkg:pypi/flash-attn@0.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@0.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068240?format=json","purl":"pkg:pypi/flash-attn@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068241?format=json","purl":"pkg:pypi/flash-attn@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068242?format=json","purl":"pkg:pypi/flash-attn@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068243?format=json","purl":"pkg:pypi/flash-attn@1.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068244?format=json","purl":"pkg:pypi/flash-attn@1.0.3.post0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.3.post0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068245?format=json","purl":"pkg:pypi/flash-attn@1.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068246?format=json","purl":"pkg:pypi/flash-attn@1.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068247?format=json","purl":"pkg:pypi/flash-attn@1.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1068248?format=json","purl":"pkg:pypi/flash-attn@1.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068249?format=json","purl":"pkg:pypi/flash-attn@1.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068250?format=json","purl":"pkg:pypi/flash-attn@1.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@1.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068251?format=json","purl":"pkg:pypi/flash-attn@2.0.0.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.0.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068252?format=json","purl":"pkg:pypi/flash-attn@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068253?format=json","purl":"pkg:pypi/flash-attn@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068254?format=json","purl":"pkg:pypi/flash-attn@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068255?format=json","purl":"pkg:pypi/flash-attn@2.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068256?format=json","purl":"pkg:pypi/flash-attn@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068257?format=json","purl":"pkg:pypi/flash-attn@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1068258?format=json","purl":"pkg:pypi/flash-attn@2.0.6.post2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.6.post2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068259?format=json","purl":"pkg:pypi/flash-attn@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068260?format=json","purl":"pkg:pypi/flash-attn@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068261?format=json","purl":"pkg:pypi/flash-attn@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1068262?format=json","purl":"pkg:pypi/flash-attn@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068263?format=json","purl":"pkg:pypi/flash-attn@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068264?format=json","purl":"pkg:pypi/flash-attn@2.1.2.post3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.1.2.post3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068265?format=json","purl":"pkg:pypi/flash-attn@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068266?format=json","purl":"pkg:pypi/flash-attn@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068267?format=json","purl":"pkg:pypi/flash-attn@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068268?format=json","purl":"pkg:pypi/flash-attn@2.2.3.post2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.3.post2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068269?format=json","purl":"pkg:pypi/flash-attn@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068270?format=json","purl":"pkg:pypi/flash-attn@2.2.4.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.4.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068271?format=json","purl":"pkg:pypi/flash-attn@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068272?format=json","purl":"pkg:pypi/flash-attn@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068273?format=json","purl":"pkg:pypi/flash-attn@2.3.1.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.1.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068274?format=json","purl":"pkg:pypi/flash-attn@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068275?format=json","purl":"pkg:pypi/flash-attn@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068276?format=json","purl":"pkg:pypi/flash-attn@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068277?format=json","purl":"pkg:pypi/flash-attn@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068278?format=json","purl":"pkg:pypi/flash-attn@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1068279?format=json","purl":"pkg:pypi/flash-attn@2.4.0.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.4.0.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068280?format=json","purl":"pkg:pypi/flash-attn@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068281?format=json","purl":"pkg:pypi/flash-attn@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068282?format=json","purl":"pkg:pypi/flash-attn@2.4.3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.4.3.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068283?format=json","purl":"pkg:pypi/flash-attn@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1068284?format=json","purl":"pkg:pypi/flash-attn@2.5.1.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.1.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068285?format=json","purl":"pkg:pypi/flash-attn@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068286?format=json","purl":"pkg:pypi/flash-attn@2.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068287?format=json","purl":"pkg:pypi/flash-attn@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068288?format=json","purl":"pkg:pypi/flash-attn@2.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068289?format=json","purl":"pkg:pypi/flash-attn@2.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1068290?format=json","purl":"pkg:pypi/flash-attn@2.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068291?format=json","purl":"pkg:pypi/flash-attn@2.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068292?format=json","purl":"pkg:pypi/flash-attn@2.5.9.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.5.9.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068293?format=json","purl":"pkg:pypi/flash-attn@2.6.0.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.6.0.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068294?format=json","purl":"pkg:pypi/flash-attn@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068295?format=json","purl":"pkg:pypi/flash-attn@2.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068296?format=json","purl":"pkg:pypi/flash-attn@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068297?format=json","purl":"pkg:pypi/flash-attn@2.7.0.post2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.7.0.post2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068298?format=json","purl":"pkg:pypi/flash-attn@2.7.1.post4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.7.1.post4"},{"url":"http://public2.vulnerablecode.io/api/packages/1068299?format=json","purl":"pkg:pypi/flash-attn@2.7.2.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.7.2.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068300?format=json","purl":"pkg:pypi/flash-attn@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068301?format=json","purl":"pkg:pypi/flash-attn@2.7.4.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.7.4.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068302?format=json","purl":"pkg:pypi/flash-attn@2.8.0.post2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.8.0.post2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068303?format=json","purl":"pkg:pypi/flash-attn@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1068304?format=json","purl":"pkg:pypi/flash-attn@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1068305?format=json","purl":"pkg:pypi/flash-attn@2.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h59a-wm58-qfdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flash-attn@2.8.3"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31253","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14925","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1625","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16281","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16272","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31253"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31253","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31253"},{"reference_url":"https://www.notion.so/CVE-2026-31253-35d1e1393188813f9e77e2038104bc49","reference_id":"CVE-2026-31253-35d1e1393188813f9e77e2038104bc49","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T19:32:06Z/"}],"url":"https://www.notion.so/CVE-2026-31253-35d1e1393188813f9e77e2038104bc49"},{"reference_url":"https://github.com/Dao-AILab/flash-attention","reference_id":"flash-attention","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T19:32:06Z/"}],"url":"https://github.com/Dao-AILab/flash-attention"},{"reference_url":"https://github.com/advisories/GHSA-7g5w-pq96-8c5w","reference_id":"GHSA-7g5w-pq96-8c5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g5w-pq96-8c5w"}],"weaknesses":[{"cwe_id":94,"name":"Improper Control of Generation of Code ('Code Injection')","description":"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h59a-wm58-qfdp"}