VYPR

PyPI package

torch

pkg:pypi/torch

Vulnerabilities (7)

  • CVE-2025-32434Apr 18, 2025
    affected < 2.6.0fixed 2.6.0

    PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.

  • CVE-2025-3730Apr 16, 2025
    affected < 2.8.0fixed 2.8.0

    A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h

  • CVE-2025-2953Mar 30, 2025
    affected < 2.7.1-rc1fixed 2.7.1-rc1

    A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the

  • CVE-2025-2148Mar 10, 2025
    affected <= 2.6.0

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. T

  • CVE-2024-31583Apr 17, 2024
    affected < 2.2.0fixed 2.2.0

    Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

  • CVE-2024-31580Apr 17, 2024
    affected < 2.2.0fixed 2.2.0

    PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2022-45907CriNov 26, 2022
    affected < 1.13.1fixed 1.13.1

    In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.