pkg:PyPI/torch
35 total CVEsCRITICAL5HIGH12MEDIUM8LOW4
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2025-32434PyTorch: `torch.load` with `weights_only=True` leads to remote code executionfrom 0, < 2.6.0
- CRITICAL9.8CVE-2025-32434PyTorch: `torch.load` with `weights_only=True` leads to remote code executionfrom 0, < 2.6.0
- from 0, < 2.5.0
- from 0, < 767f6aa49fe20a2766b9843d01e3b7f7793df6a3 | from 0, < 1.13.1
- from 0, < 1.13.1
- from 0, <= 2.10.0
- from 0, < 9c7071b0e324f9fb68ab881283d6b8d388a4bcd2, < 9c7071b0e324f9fb68ab881283d6b8d388a4bcd2 | from 0, < 2.2.0
- from 0, < 2.2.0
- HIGH7.5CVE-2025-55560An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor…from 0, < 2.7.1
- HIGH7.5CVE-2025-55558A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tens…from 0, < 2.7.1
- HIGH7.5CVE-2025-55557A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Ser…from 0, < 2.7.1
- HIGH7.5CVE-2025-55553A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).from 0, < 2.7.1
- HIGH7.5CVE-2025-55552pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.from 0, < 2.9.0
- HIGH7.5CVE-2025-55551An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice ope…from 0, < 2.9.0
- HIGH7.5CVE-2025-2148PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruptionfrom 0, <= 2.6.0-cu124
- from 0, < 2.2.0
- from 0, < b5c3a17c2c207ebefcb85043f0cf94be9b2fef81, < b5c3a17c2c207ebefcb85043f0cf94be9b2fef81 | from 0, < 2.2.0
- from 0, <= 2.6.0-NA
- MEDIUM5.5CVE-2024-31584Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.from 0, < 7c35874ad664e74c8e4252d67521f3986eadb0e6, < 7c35874ad664e74c8e4252d67521f3986eadb0e6 | from 0, < 2.2.0
- MEDIUM5.3CVE-2025-55554pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().from 0, < 2.9.0
- MEDIUM5.3CVE-2025-46153PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU imp…>= 2.6.0, < 2.7.0
- MEDIUM5.3CVE-2025-46152In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.>= 2.6.0, < 2.7.0
- MEDIUM5.3CVE-2025-46150In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.>= 2.6.0, < 2.7.0
- MEDIUM5.3CVE-2025-46149In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.>= 2.6.0, < 2.7.0
- MEDIUM5.3CVE-2025-46148In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.from 0, < 2.7.0
- from 0, <= 2.5.0-NA, <= 2.7.1-NA
- from 0, < 2.8.0
- from 0, < 2.7.1-rc1
- from 0, <= 2.6.0+cu124
- —CVE-2025-3136PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruptionfrom 0, <= 2.6.0-NA
- from 0, <= 2.6.0-NA
- from 0, <= 2.6.0-NA
- from 0, <= 2.6.0-NA
- from 0, <= 2.6.0-NA
- from 0, <= 2.6.0-cu124