Pytorch Pytorch

  1. Vendors
  2. Pytorch

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Pytorch product.

RSS Feeds for Pytorch security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Pytorch products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Pytorch Sorted by Most Security Vulnerabilities since 2018

Pytorch22 vulnerabilities

Pytorch Torchserve2 vulnerabilities

By the Year

In 2026 there have been 2 vulnerabilities in Pytorch with an average score of 7.1 out of ten. Last year, in 2025 Pytorch had 16 security vulnerabilities published. Right now, Pytorch is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.19.




Year Vulnerabilities Average Score
2026 2 7.05
2025 16 5.86
2024 3 0.00
2023 2 7.55
2022 1 9.80

It may take a day or so for new Pytorch vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Pytorch Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-4538 Mar 22, 2026
PyTorch 2.10.0 pt2 Loading Handler deserialization flaw local only A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.
Pytorch
CVE-2026-24747 Jan 27, 2026
PyTorch weights_only unpickler memory corruption risk AOE before v2.10.0 PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
Pytorch
CVE-2025-46152 Sep 25, 2025
PyTorch<2.7.0 bitwise_right_shift OOB Value Bug In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
Pytorch
CVE-2025-46148 Sep 25, 2025
PyTorch 2.6.0 nn.PairwiseDistance(p=2) incorrect results In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
Pytorch
CVE-2025-46149 Sep 25, 2025
PyTorch <=2.6.0 nn.Fold Assertion Error via Inductor In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
Pytorch
CVE-2025-46150 Sep 25, 2025
PyTorch <2.7.0 FMP2D Inconsistent Results with torch.compile In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
Pytorch
CVE-2025-46153 Sep 25, 2025
PyTorch <3.7.0 bernoulli_p decompose causes dropout1d/2d/3d loss PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
Pytorch
CVE-2025-55551 Sep 25, 2025
Pytorch 2.8.0 torch.linalg.lu DoS via Slice Ops An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Pytorch
CVE-2025-55552 Sep 25, 2025
PyTorch 2.8.0 Unexpected Behavior with torch.rot90 + torch.randn_like pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Pytorch
CVE-2025-55553 Sep 25, 2025
PyTorch 2.7.0 Syntax Error in proxy_tensor.py Causes DoS A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
Pytorch
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.