Vendor
Pytorch
Products
3
CVEs
11
Across products
11
Status
Private
Products
3- 7 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
11| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54952 | Cri | 0.57 | 9.8 | 0.00 | Aug 8, 2025 | An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b. | |
| CVE-2025-54951 | Cri | 0.57 | 9.8 | 0.00 | Aug 7, 2025 | A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c. | |
| CVE-2025-54950 | Cri | 0.57 | 9.8 | 0.00 | Aug 7, 2025 | An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005. | |
| CVE-2025-54949 | Cri | 0.57 | 9.8 | 0.00 | Aug 7, 2025 | A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be | |
| CVE-2025-30405 | Cri | 0.57 | 9.8 | 0.00 | Aug 7, 2025 | An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73. | |
| CVE-2025-30404 | Cri | 0.57 | 9.8 | 0.00 | Aug 7, 2025 | An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006. | |
| CVE-2025-30402 | Hig | 0.46 | 8.1 | 0.00 | Jul 11, 2025 | A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f | |
| CVE-2026-24747 | 0.00 | — | 0.00 | Jan 27, 2026 | PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue. | ||
| CVE-2025-32434 | 0.00 | — | 0.01 | Apr 18, 2025 | PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0. | ||
| CVE-2022-0845 | 0.00 | — | 0.00 | Mar 5, 2022 | Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | ||
| CVE-2021-4118 | 0.00 | — | 0.00 | Dec 23, 2021 | pytorch-lightning is vulnerable to Deserialization of Untrusted Data |