pytorch-lightning
PyPI6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pytorch-lightningpage 1 of 1
- CVE-2021-4118HIGHCVSS 7.8EG 7.8✓ Fixed in 1.6.02021-12-23
vulnerable: 0.0.2 ... 1.5.10.post0 (131 versions)
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
- CVE-2022-0845CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.6.02022-03-05
vulnerable: 0.0.2 ... 1.5.10.post0 (131 versions)
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
- CVE-2024-8019CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.4.02025-03-20
vulnerable: 0.0.2 ... 2.3.3 (203 versions)
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbit…
- CVE-2024-8020HIGHCVSS 7.5EG 7.52025-03-20
vulnerable: 0.0.2 ... 2.3.2 (202 versions)
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper hand…
- CVE-2026-31221HIGHCVSS 7.8EG 7.82026-05-12
vulnerable: 0.0.2 ... 2.6.0.dev0 (219 versions)
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model sta…
- CVE-2026-44484CRITICALCVSS 9.8EG 9.82026-05-14
vulnerable: 2.6.3
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.
Check whether pytorch-lightning is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for pytorch-lightning CVEs against the assets you own.
Start Free Scan →