linuxfoundation pytorch

35 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-4538
all versions
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler
5.3 MEDIUM
CVE-2026-24747
< 2.10.0
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weights_only
8.8 HIGH
CVE-2025-63396
all versions
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to
3.3 LOW
CVE-2025-55560
<= 2.7.0
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and tor
7.5 HIGH
CVE-2025-55558
<= 2.7.0
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and t
7.5 HIGH
CVE-2025-55557
<= 2.7.0
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Deni
7.5 HIGH
CVE-2025-55554
<= 2.8.0
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
5.3 MEDIUM
CVE-2025-55553
<= 2.7.0
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
7.5 HIGH
CVE-2025-55552
<= 2.8.0
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used togethe
7.5 HIGH
CVE-2025-55551
<= 2.8.0
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a
7.5 HIGH
CVE-2025-46153
>= 2.6.0 and < 2.7.0
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eage
5.3 MEDIUM
CVE-2025-46152
>= 2.6.0 and < 2.7.0
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
5.3 MEDIUM
CVE-2025-46150
>= 2.6.0 and < 2.7.0
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
5.3 MEDIUM
CVE-2025-46149
>= 2.6.0 and < 2.7.0
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
5.3 MEDIUM
CVE-2025-46148
<= 2.6.0
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
5.3 MEDIUM
CVE-2025-32434
< 2.6.0
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape
9.8 CRITICAL
CVE-2025-3730
all versions
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc
3.3 LOW
CVE-2025-3136
all versions
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.
3.3 LOW
CVE-2025-3121
all versions
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flat
3.3 LOW
CVE-2025-3001
all versions
A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The ma
5.3 MEDIUM
CVE-2025-3000
all versions
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulati
5.3 MEDIUM
CVE-2025-2999
all versions
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.r
5.3 MEDIUM
CVE-2025-2998
all versions
A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch
5.3 MEDIUM
CVE-2025-2953
all versions
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the functio
3.3 LOW
CVE-2025-2149
all versions
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sig
2.5 LOW
CVE-2025-2148
all versions
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function
5.0 MEDIUM
CVE-2024-48063
<= 2.4.1
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended
9.8 CRITICAL
CVE-2024-35199
>= 0.3.0 and < 0.11.0
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two g
8.2 HIGH
CVE-2024-35198
>= 0.4.2 and < 0.11.0
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed
9.8 CRITICAL
CVE-2024-31584
< 2.2.0
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
5.5 MEDIUM
CVE-2024-31583
< 2.2.0
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
7.8 HIGH
CVE-2024-31580
< 2.2.0
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cp
4.0 MEDIUM
CVE-2023-48299
>= 0.1.0 and < 0.9.0
TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, u
5.3 MEDIUM
CVE-2023-43654
>= 0.1.0 and < 0.8.2
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input val
10.0 CRITICAL
CVE-2022-45907
< 1.13.1
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsaf
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin