VYPR

Bitnami package

pytorch

pkg:bitnami/pytorch

Vulnerabilities (31)

  • CVE-2026-4538 · Med · Mar 22, 2026
    affected >= 2.10.0, < 2.11.0 · fixed 2.11.0

    A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be

  • CVE-2026-24747 · Jan 27, 2026
    affected < 2.10.0 · fixed 2.10.0

    PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt m

  • CVE-2025-63396 · Nov 12, 2025
    affected >= 2.5.0, < 2.5.1 · fixed 2.5.1

    An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

  • CVE-2025-55560 · Sep 25, 2025
    affected < 2.7.1 · fixed 2.7.1

    An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

  • CVE-2025-55558 · Sep 25, 2025
    affected < 2.7.1 · fixed 2.7.1

    A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

  • CVE-2025-55557 · Sep 25, 2025
    affected < 2.7.1 · fixed 2.7.1

    A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

  • CVE-2025-55554 · Sep 25, 2025
    affected < 2.9.0 · fixed 2.9.0

    pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

  • CVE-2025-55553 · Sep 25, 2025
    affected < 2.7.1 · fixed 2.7.1

    A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

  • CVE-2025-55552 · Sep 25, 2025
    affected < 2.9.0 · fixed 2.9.0

    pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

  • CVE-2025-55551 · Sep 25, 2025
    affected < 2.9.0 · fixed 2.9.0

    An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

  • CVE-2025-46153 · Sep 25, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

  • CVE-2025-46152 · Sep 25, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

  • CVE-2025-46150 · Sep 25, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

  • CVE-2025-46149 · Sep 25, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

  • CVE-2025-46148 · Sep 25, 2025
    affected < 2.7.0 · fixed 2.7.0

    In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

  • CVE-2025-32434 · Apr 18, 2025
    affected < 2.6.0 · fixed 2.6.0

    PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.

  • CVE-2025-3730 · Apr 16, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h

  • CVE-2025-3136 · Apr 3, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approa

  • CVE-2025-3121 · Apr 2, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public an

  • CVE-2025-3001 · Mar 31, 2025
    affected >= 2.6.0, < 2.7.0 · fixed 2.7.0

    A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
