Shodan
Vulnerabilities
Vulnerable Software
Linuxfoundation:  >> Pytorch  >> 2.4.0  Security Vulnerabilities
CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-27
CVE-2025-55560
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-55552
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-55553
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-55554
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-25
CVE-2025-55557
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-55558
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-46148
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-25
CVE-2025-55551
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
CVE-2025-32434
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved