VYPR
Vendor

Pytorch

Products
4
CVEs
47
Across products
48
Status
Private

Products

4

Recent CVEs

47
View all 47 CVEs →
  • CVE-2025-54952CriAug 8, 2025
    risk 0.57cvss 9.8epss 0.01

    An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit…

  • CVE-2025-54951CriAug 7, 2025
    risk 0.57cvss 9.8epss 0.01

    A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.

  • CVE-2025-54950CriAug 7, 2025
    risk 0.57cvss 9.8epss 0.01

    An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005.

  • CVE-2025-54949CriAug 7, 2025
    risk 0.57cvss 9.8epss 0.01

    A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be

  • CVE-2025-30405CriAug 7, 2025
    risk 0.57cvss 9.8epss 0.01

    An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit…

  • CVE-2025-30404CriAug 7, 2025
    risk 0.57cvss 9.8epss 0.01

    An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.

  • CVE-2025-30402HigJul 11, 2025
    risk 0.46cvss 8.1epss 0.00

    A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

  • CVE-2024-6577MedMar 20, 2025
    risk 0.41cvss 6.3epss 0.00

    In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the…

  • CVE-2026-4538MedMar 22, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might…

  • CVE-2025-4287LowMay 5, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host.…

  • CVE-2023-43654Sep 28, 2023
    risk 0.03cvss epss 0.35

    TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to…

  • CVE-2024-48063Oct 29, 2024
    risk 0.02cvss epss 0.02

    In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

  • CVE-2026-24747Jan 27, 2026
    risk 0.00cvss epss 0.01

    PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt…

  • CVE-2025-63396Nov 12, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

  • CVE-2025-55554Sep 25, 2025
    risk 0.00cvss epss 0.00

    pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

  • CVE-2025-55557Sep 25, 2025
    risk 0.00cvss epss 0.00

    A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

  • CVE-2025-46152Sep 25, 2025
    risk 0.00cvss epss 0.00

    In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

  • CVE-2025-46149Sep 25, 2025
    risk 0.00cvss epss 0.00

    In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

  • CVE-2025-55560Sep 25, 2025
    risk 0.00cvss epss 0.00

    An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

  • CVE-2025-55551Sep 25, 2025
    risk 0.00cvss epss 0.00

    An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.