Lightningai Pytorch Lightning — known CVE vulnerabilities
Every CVE whose affected-product data names Lightningai Pytorch Lightning, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-44484 — CVSS 9.8 (critical): PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality…
CVE-2024-5452 — CVSS 9.8 (critical): A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of…
CVE-2024-5980 — CVSS 9.8 (critical): A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when…
CVE-2024-8019 — CVSS 9.1 (critical): In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The…
CVE-2026-31221 — CVSS 7.8 (high): PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading…
CVE-2024-8020 — CVSS 7.5 (high): A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected…