All projects

Security context

What an agent needs to avoid regressing past fixes — and find the next bug in this project.

PyTorch
pytorch/pytorch

Tensors and dynamic neural networks in Python.

PyPI · torch
43
Advisories
43
CVEs
Critical
Peak severity
30
With fix diff

Distribution

By severity

Critical
4
High
11
Medium
11
Low
7
Unrated
10

By weakness class

Other
35
Memory Safety
5
Deserialization
1
Use After Free
1
Command Injection
1

Every fixed vulnerability (43)

High11 fixed
HighA vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be pe3mo agoHighPyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.5mo agoHighAn issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.9mo agoHighA buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a 9mo agoHighA Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).9mo agoHighA syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).9mo agoHighpytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.9mo agoHighAn issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.9mo agoHighA vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tu1y agoHighPyTorch heap buffer overflow vulnerability2y agoHighPytorch use-after-free vulnerability2y ago
Medium11 fixed
Mediumpytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().9mo agoMediumPyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d,9mo agoMediumIn PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.9mo agoMediumIn PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.9mo agoMediumIn PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.9mo agoMediumIn PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.9mo agoMediumPyTorch Improper Resource Shutdown or Release vulnerability1y agoMediumA vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is r1y agoMediumPyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function1y agoMediumPyTorch is vulnerable to memory corruption through its unpack_sequence function1y agoMediumA vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service1y ago
Unrated10 fixed
UnratedA vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAlloca1y agoUnratedA vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approach1y agoUnratedA vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on 1y agoUnratedA vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attac1y agoUnratedA vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory co1y agoUnratedA vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of th1y agoUnratedPytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.2y agoUnratedPytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.2y agoUnratedPyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (D2y agoUnratedIn PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.3y ago