📦

pytorch

Vendor: linuxfoundation

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 4 Remote Access

Total CVEs 56 Total Indexed

Avg. EPSS 0.92% Exploit Prob.

Latest CVE CVE-2026-4538 Mar 22

Security Vulnerability Index

Page 1 / 6

1.9 CVSS

CVE-2026-4538

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

EPSS: 0.03%

Severity: LOW

Mar 22, 2026

8.8 CVSS

CVE-2026-24747

RCE

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

EPSS: 0.07%

Severity: HIGH

Jan 27, 2026

3.3 CVSS

CVE-2025-63396

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

EPSS: 0.03%

Severity: LOW

Nov 12, 2025

7.5 CVSS

CVE-2025-55560

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

EPSS: 0.16%

Severity: HIGH

Sep 25, 2025

7.5 CVSS

CVE-2025-55558

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

EPSS: 0.12%

Severity: HIGH

Sep 25, 2025

7.5 CVSS

CVE-2025-55557

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

EPSS: 0.07%

Severity: HIGH

Sep 25, 2025

5.3 CVSS

CVE-2025-55554

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

EPSS: 0.06%

Severity: MEDIUM

Sep 25, 2025

7.5 CVSS

CVE-2025-55553

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

EPSS: 0.07%

Severity: HIGH

Sep 25, 2025

7.5 CVSS

CVE-2025-55552

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

EPSS: 0.11%

Severity: HIGH

Sep 25, 2025

7.5 CVSS

CVE-2025-55551

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

EPSS: 0.11%

Severity: HIGH

Sep 25, 2025

Displaying 10 of 56 Total Entries

1 2 3 4 5 ... 6

Total 6 Sections