Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:pytorch:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductPytorch (d7909c80-f852-5bb9-b4c3-425a44329af9)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-4538 vulnerable 2026-06-08 08:05:13.502567 PyTorch pt2 Loading deserialization
MEDIUM (5.3)
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.
Published: 2026-03-22T04:20:28.356Z
Updated: 2026-03-23T16:21:46.022Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-4287 vulnerable 2026-06-08 07:29:15.979240 PyTorch nccl.py torch.cuda.nccl.reduce denial of service
LOW (3.3)
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.
Published: 2025-05-05T20:00:11.130Z
Updated: 2025-05-06T13:45:53.787Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3730 vulnerable 2026-06-08 07:23:09.730484 PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
LOW (3.3)
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.
Published: 2025-04-16T21:00:17.836Z
Updated: 2025-05-22T21:39:19.138Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3136 vulnerable 2026-06-08 07:23:08.237276 PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruption
LOW (3.3)
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Published: 2025-04-03T03:31:05.598Z
Updated: 2025-04-03T13:31:31.510Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3121 vulnerable 2026-06-08 07:23:08.176629 PyTorch torch.jit.jit_module_from_flatbuffer memory corruption
LOW (3.3)
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Published: 2025-04-02T22:00:12.390Z
Updated: 2025-04-03T19:26:25.202Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3001 vulnerable 2026-06-08 07:23:07.774022 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3000 vulnerable 2026-06-08 07:23:07.772288 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2999 vulnerable 2026-06-08 07:16:58.809684 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2998 vulnerable 2026-06-08 07:16:58.807730 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2953 vulnerable 2026-06-08 07:16:58.733703 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2149 vulnerable 2026-06-08 07:14:58.175191 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2148 vulnerable 2026-06-08 07:14:58.173941 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.