Pytorch

PyTorch 2.10.0 pt2 Loading Handler deserialization flaw local only
CVE-2026-4538 5.3 - Medium - March 22, 2026

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

Marshaling, Unmarshaling

PyTorch weights_only unpickler memory corruption risk AOE before v2.10.0
CVE-2026-24747 8.8 - High - January 27, 2026

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

Marshaling, Unmarshaling

PyTorch <2.7.0 FMP2D Inconsistent Results with torch.compile
CVE-2025-46150 5.3 - Medium - September 25, 2025

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

PyTorch 2.6.0 nn.PairwiseDistance(p=2) incorrect results
CVE-2025-46148 5.3 - Medium - September 25, 2025

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

PyTorch <=2.6.0 nn.Fold Assertion Error via Inductor
CVE-2025-46149 5.3 - Medium - September 25, 2025

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

assertion failure

PyTorch<2.7.0 bitwise_right_shift OOB Value Bug
CVE-2025-46152 5.3 - Medium - September 25, 2025

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

Memory Corruption

PyTorch <3.7.0 bernoulli_p decompose causes dropout1d/2d/3d loss
CVE-2025-46153 5.3 - Medium - September 25, 2025

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

Inefficient CPU Computation

Pytorch 2.8.0 torch.linalg.lu DoS via Slice Ops
CVE-2025-55551 7.5 - High - September 25, 2025

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Resource Exhaustion

PyTorch 2.8.0 Unexpected Behavior with torch.rot90 + torch.randn_like
CVE-2025-55552 5.3 - Medium - September 25, 2025

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Incorrect Calculation

PyTorch 2.7.0 Syntax Error in proxy_tensor.py Causes DoS
CVE-2025-55553 7.5 - High - September 25, 2025

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

Uncaught Exception

PyTorch v2.8.0 int overflow in torch.nan_to_num.long() component
CVE-2025-55554 5.3 - Medium - September 25, 2025

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

Integer Overflow or Wraparound

PyTorch v2.7.0 Inductor DoS via Name Error in torch.cummin
CVE-2025-55557 7.5 - High - September 25, 2025

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

Uncaught Exception

Buffer Overflow in PyTorch v2.7.0 Inductor-Compiled Conv2d HardShrink DoS
CVE-2025-55558 7.5 - High - September 25, 2025

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

Resource Exhaustion

PyTorch 2.7.0 DoS via Inductor to_sparse/to_dense
CVE-2025-55560 7.5 - High - September 25, 2025

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

Resource Exhaustion

PyTorch 2.6.0+cu124 DoS via torch.cuda.nccl.reduce (NCCL)
CVE-2025-4287 3.3 - Low - May 05, 2025

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

Improper Resource Shutdown or Release

PyTorch RCE via torch.load weights_only=True <2.6.0
CVE-2025-32434 - April 18, 2025

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Marshaling, Unmarshaling

PyTorch 2.6.0+cu124: nnq_Sigmoid Quantized Sigmoid Module Improper Init
CVE-2025-2149 2.5 - Low - March 10, 2025

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Improper Initialization

PyTorch 2.6.0 cu124 Tuple Handler Memory Corruption
CVE-2025-2148 7.5 - High - March 10, 2025

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

Buffer Overflow

PyTorch <2.2.0 OOB Read via flatbuffer_loader.cpp
CVE-2024-31584 - April 19, 2024

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

UAF in torch/csrc/jit/mobile/interpreter.cpp before v2.2.0
CVE-2024-31583 - April 17, 2024

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

Heap Buffer Overflow in PyTorch <=v2.2.0 vararg_functions.cpp DoS
CVE-2024-31580 - April 17, 2024

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

PyTorch JIT Annotation Parser Arbitrary Code Execution via eval
CVE-2022-45907 9.8 - Critical - November 26, 2022

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

Code Injection