Every CVE whose affected-product data names Linuxfoundation Onnx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-51480 — CVSS 8.8 (high): Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files…
CVE-2024-5187 — CVSS 8.8 (high): A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file…
CVE-2026-34445 — CVSS 8.6 (high): Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the…
CVE-2026-28500 — CVSS 8.6 (high): Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a…
CVE-2022-25882 — CVSS 7.5 (high): Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a…
CVE-2024-27318 — CVSS 7.5 (high): Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor…
CVE-2026-27489 — CVSS 7.5 (high): Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal…
CVE-2026-34447 — CVSS 5.5 (medium): Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink…
CVE-2026-34446 — CVSS 4.7 (medium): Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue…
CVE-2024-27319 — CVSS 4.4 (medium): Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions…