CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46150
https://notcve.org/view.php?id=CVE-2025-46150
25 Sep 2025 — In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. • https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46152
https://notcve.org/view.php?id=CVE-2025-46152
25 Sep 2025 — In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. • https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a • CWE-787: Out-of-bounds Write •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46153
https://notcve.org/view.php?id=CVE-2025-46153
25 Sep 2025 — PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. • https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a • CWE-1176: Inefficient CPU Computation •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-55551
https://notcve.org/view.php?id=CVE-2025-55551
25 Sep 2025 — An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. • https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-55552
https://notcve.org/view.php?id=CVE-2025-55552
25 Sep 2025 — pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. • https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc • CWE-190: Integer Overflow or Wraparound • CWE-682: Incorrect Calculation •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-55553
https://notcve.org/view.php?id=CVE-2025-55553
25 Sep 2025 — A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). • https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc • CWE-248: Uncaught Exception •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-55554
https://notcve.org/view.php?id=CVE-2025-55554
25 Sep 2025 — pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). • https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-55557
https://notcve.org/view.php?id=CVE-2025-55557
25 Sep 2025 — A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). • https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc • CWE-248: Uncaught Exception •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-55558
https://notcve.org/view.php?id=CVE-2025-55558
25 Sep 2025 — A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). • https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-59410 – Dragonfly tiny file download uses hard coded HTTP protocol
https://notcve.org/view.php?id=CVE-2025-59410
17 Sep 2025 — Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0. These are all security issues fixed in the govulncheck-vulndb-0.0.20250924T192141-1.1 package on the GA medi... • https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf • CWE-311: Missing Encryption of Sensitive Data •
