CVE & Exploit Intelligence Database

CVE-2026-24747 8.8 HIGH EPSS 0.00

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

CWE-94 Jan 27, 2026

CVE-2025-63396 3.3 LOW EPSS 0.00

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

CWE-667 Nov 12, 2025

CVE-2025-55560 7.5 HIGH EPSS 0.00

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

CWE-400 Sep 25, 2025

CVE-2025-55558 7.5 HIGH EPSS 0.00

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

CWE-400 Sep 25, 2025

CVE-2025-55557 7.5 HIGH EPSS 0.00

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

CWE-248 Sep 25, 2025

CVE-2025-55554 5.3 MEDIUM EPSS 0.00

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

CWE-190 Sep 25, 2025

CVE-2025-55553 7.5 HIGH EPSS 0.00

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

CWE-248 Sep 25, 2025

CVE-2025-55552 7.5 HIGH EPSS 0.00

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

CWE-190 Sep 25, 2025

CVE-2025-55551 7.5 HIGH EPSS 0.00

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

CWE-400 Sep 25, 2025

CVE-2025-46153 5.3 MEDIUM EPSS 0.00

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

CWE-1176 Sep 25, 2025

CVE-2025-46152 5.3 MEDIUM EPSS 0.00

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

CWE-787 Sep 25, 2025

CVE-2025-46150 5.3 MEDIUM EPSS 0.00

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

Sep 25, 2025

CVE-2025-46149 5.3 MEDIUM EPSS 0.00

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

CWE-617 Sep 25, 2025

CVE-2025-46148 5.3 MEDIUM EPSS 0.00

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

Sep 25, 2025

CVE-2025-32434 9.8 CRITICAL 4 PoCs Analysis EPSS 0.01

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

CWE-502 Apr 18, 2025

CVE-2025-3730 3.3 LOW 1 Writeup EPSS 0.00

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

CWE-404 Apr 16, 2025

CVE-2025-3136 3.3 LOW EPSS 0.00

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CWE-119 Apr 03, 2025

CVE-2025-3121 3.3 LOW EPSS 0.00

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CWE-119 Apr 02, 2025

CVE-2025-3001 5.3 MEDIUM EPSS 0.00

A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CWE-119 Mar 31, 2025

CVE-2025-3000 5.3 MEDIUM EPSS 0.00

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

CWE-119 Mar 31, 2025