PyPI package
torch
pkg:pypi/torch
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32434 | — | < 2.6.0 | 2.6.0 | Apr 18, 2025 | PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch. | ||
| CVE-2025-3730 | — | < 2.8.0 | 2.8.0 | Apr 16, 2025 | A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h | ||
| CVE-2025-2953 | — | < 2.7.1-rc1 | 2.7.1-rc1 | Mar 30, 2025 | A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the | ||
| CVE-2025-2148 | — | <= 2.6.0 | — | Mar 10, 2025 | A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. T | ||
| CVE-2024-31583 | — | < 2.2.0 | 2.2.0 | Apr 17, 2024 | Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | ||
| CVE-2024-31580 | — | < 2.2.0 | 2.2.0 | Apr 17, 2024 | PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||
| CVE-2022-45907 | Cri | 9.8 | < 1.13.1 | 1.13.1 | Nov 26, 2022 | In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. |
- CVE-2025-32434Apr 18, 2025affected < 2.6.0fixed 2.6.0
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.
- CVE-2025-3730Apr 16, 2025affected < 2.8.0fixed 2.8.0
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h
- CVE-2025-2953Mar 30, 2025affected < 2.7.1-rc1fixed 2.7.1-rc1
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the
- CVE-2025-2148Mar 10, 2025affected <= 2.6.0
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. T
- CVE-2024-31583Apr 17, 2024affected < 2.2.0fixed 2.2.0
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
- CVE-2024-31580Apr 17, 2024affected < 2.2.0fixed 2.2.0
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- affected < 1.13.1fixed 1.13.1
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.