VYPR

PyPI package

pytorch-lightning

pkg:pypi/pytorch-lightning

Vulnerabilities (5)

  • CVE-2026-44484CriMay 14, 2026

    PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

  • CVE-2024-8020Mar 20, 2025
    affected <= 2.3.2

    A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which re

  • CVE-2024-8019Mar 20, 2025
    affected < 2.4.0fixed 2.4.0

    In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filenam

  • CVE-2022-0845Mar 5, 2022
    affected < 1.6.0fixed 1.6.0

    Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

  • CVE-2021-4118Dec 23, 2021
    affected < 1.6.0fixed 1.6.0

    pytorch-lightning is vulnerable to Deserialization of Untrusted Data