Linuxfoundation Pytorch — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Pytorch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2022-45907 — CVSS 9.8 (critical): In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
CVE-2025-32434 — CVSS 9.8 (critical): PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based…
CVE-2024-48063 — CVSS 9.8 (critical): In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior…
CVE-2026-24747 — CVSS 8.8 (high): PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only`…
CVE-2024-31583 — CVSS 7.8 (high): Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
CVE-2025-55551 — CVSS 7.5 (high): An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice…
CVE-2025-55558 — CVSS 7.5 (high): A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and…
CVE-2025-55553 — CVSS 7.5 (high): A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVE-2025-55552 — CVSS 7.5 (high): pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVE-2025-55560 — CVSS 7.5 (high): An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and…
CVE-2025-55557 — CVSS 7.5 (high): A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of…
CVE-2024-31584 — CVSS 5.5 (medium): Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
CVE-2026-4538 — CVSS 5.3 (medium): A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The…
CVE-2025-2998 — CVSS 5.3 (medium): A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2025-2999 — CVSS 5.3 (medium): A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_…
CVE-2025-3000 — CVSS 5.3 (medium): A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads…
CVE-2025-3001 — CVSS 5.3 (medium): A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The…
CVE-2025-46152 — CVSS 5.3 (medium): In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
CVE-2025-46153 — CVSS 5.3 (medium): PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU…
CVE-2025-55554 — CVSS 5.3 (medium): pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVE-2025-2148 — CVSS 5.0 (medium): A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2024-31580 — CVSS 4.0 (medium): PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This…
CVE-2025-2953 — CVSS 3.3 (low): A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function…
CVE-2025-63396 — CVSS 3.3 (low): An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or…
CVE-2025-3136 — CVSS 3.3 (low): A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function…
CVE-2025-3121 — CVSS 3.3 (low): A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer…
CVE-2025-3730 — CVSS 3.3 (low): A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of…
CVE-2025-2149 — CVSS 2.5 (low): A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of…