PyPI package
pytorch-lightning
pkg:pypi/pytorch-lightning
Vulnerabilities (5)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44484 | Critical | 9.8 | — | | — | May 14, 2026 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism. |
| CVE-2024-8020 | | | — | <= 2.3.2 | — | Mar 20, 2025 | A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which re |
| CVE-2024-8019 | | | — | < 2.4.0 | 2.4.0 | Mar 20, 2025 | In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filenam |
| CVE-2022-0845 | | | — | < 1.6.0 | 1.6.0 | Mar 5, 2022 | Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. |
| CVE-2021-4118 | | | — | < 1.6.0 | 1.6.0 | Dec 23, 2021 | pytorch-lightning is vulnerable to Deserialization of Untrusted Data |