VYPR

Vendor CVEs

PaddlePaddle

All CVEs

33 total · sorted by risk
  • CVE-2024-0917CriMar 7, 2024
    risk 0.64cvss 9.8epss 0.02

    remote code execution in paddlepaddle/paddle 2.6.0

  • CVE-2022-31523CriJul 11, 2022
    risk 0.61cvss 9.3epss 0.01

    The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

  • CVE-2022-46742CriDec 7, 2022
    risk 0.58cvss 10.0epss 0.01

    Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.

  • CVE-2023-38673CriJul 26, 2023
    risk 0.56cvss 9.6epss 0.02

    PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.

  • CVE-2023-52314CriJan 3, 2024
    risk 0.55cvss 9.6epss 0.01

    PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.

  • CVE-2023-52311CriJan 3, 2024
    risk 0.55cvss 9.6epss 0.01

    PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.

  • CVE-2023-52310CriJan 3, 2024
    risk 0.55cvss 9.6epss 0.01

    PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.

  • CVE-2024-0818CriMar 7, 2024
    risk 0.52cvss 9.1epss 0.01

    Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6

  • CVE-2024-0521HigJan 20, 2024
    risk 0.51cvss 7.8epss 0.00

    Code Injection in paddlepaddle/paddle

  • CVE-2024-0815HigMar 7, 2024
    risk 0.50cvss 8.8epss 0.01

    Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

  • CVE-2024-1603HigMar 23, 2024
    risk 0.49cvss 7.5epss 0.01

    paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

  • CVE-2023-38671HigJul 26, 2023
    risk 0.47cvss 8.3epss 0.01

    Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

  • CVE-2023-38669HigJul 26, 2023
    risk 0.47cvss 8.3epss 0.01

    Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.

  • CVE-2023-52309HigJan 3, 2024
    risk 0.46cvss 8.2epss 0.01

    Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

  • CVE-2023-52307HigJan 3, 2024
    risk 0.46cvss 8.2epss 0.01

    Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

  • CVE-2023-52304HigJan 3, 2024
    risk 0.46cvss 8.2epss 0.01

    Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

  • CVE-2024-0817HigMar 7, 2024
    risk 0.44cvss 7.8epss 0.01

    Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0

  • CVE-2022-46741HigDec 7, 2022
    risk 0.39cvss 7.1epss 0.01

    Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. 

  • CVE-2023-52313MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52312MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52308MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52306MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52305MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52303MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-52302MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.01

    Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38678MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38677MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38676MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38675MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38674MedJan 3, 2024
    risk 0.24cvss 4.7epss 0.00

    FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38672MedJul 26, 2023
    risk 0.24cvss 4.7epss 0.01

    FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.

  • CVE-2023-38670MedJul 26, 2023
    risk 0.24cvss 4.7epss 0.01

    Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.

  • CVE-2026-10800LowJun 4, 2026
    risk 0.16cvss 3.6epss 0.00

    A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires…

VYPR — Vulnerability Intelligence