torch
PyPI30 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting torchpage 1 of 1
- CVE-2022-45907CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.13.12022-11-26
vulnerable: 1.0.0 ... v0.1.1 (57 versions)
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
- CVE-2024-31580MEDIUMCVSS 4.0EG 4.0✓ Fixed in 2.2.02024-04-17
vulnerable: 1.0.0 ... v0.1.1 (86 versions)
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-31583HIGHCVSS 7.8EG 7.8✓ Fixed in 2.2.02024-04-17
vulnerable: 1.0.0 ... v0.1.1 (86 versions)
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
- CVE-2024-31584MEDIUMCVSS 5.5EG 5.5✓ Fixed in 2.2.02024-04-19
vulnerable: 1.0.0 ... 2.1.2 (29 versions)
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
- CVE-2024-48063CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.5.02024-10-29
vulnerable: 1.0.0 ... 2.4.1 (36 versions)
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
- CVE-2025-2148MEDIUMCVSS 5.0EG 5.02025-03-10
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the ar…
- CVE-2025-2149LOWCVSS 2.5EG 2.52025-03-10
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to im…
- CVE-2025-2953LOWCVSS 3.3EG 3.32025-03-30
vulnerable: 1.0.0 ... 2.6.0 (39 versions)
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locall…
- CVE-2025-2998MEDIUMCVSS 5.3EG 5.32025-03-31
A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to a…
- CVE-2025-2999MEDIUMCVSS 5.3EG 5.32025-03-31
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The expl…
- CVE-2025-3000MEDIUMCVSS 5.3EG 5.32025-03-31
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been di…
- CVE-2025-3001MEDIUMCVSS 5.3EG 5.32025-03-31
A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclo…
- CVE-2025-3121LOWCVSS 3.3EG 3.32025-04-02
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The ex…
- CVE-2025-3136LOWCVSS 3.3EG 3.32025-04-03
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memo…
- CVE-2025-32434CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.6.02025-04-18
vulnerable: 1.0.0 ... 2.5.1 (38 versions)
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in …
- CVE-2025-3730LOWCVSS 3.3EG 3.3✓ Fixed in 2.8.02025-04-16
vulnerable: 1.0.0 ... 2.7.1 (41 versions)
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack ha…
- CVE-2025-46148MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.7.02025-09-25
vulnerable: 1.0.0 ... 2.6.0 (39 versions)
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
- CVE-2025-46149MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.7.02025-09-25
vulnerable: 2.6.0
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
- CVE-2025-46150MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.7.02025-09-25
vulnerable: 2.6.0
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
- CVE-2025-46152MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.7.02025-09-25
vulnerable: 2.6.0
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
- CVE-2025-46153MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.7.02025-09-25
vulnerable: 2.6.0
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=T…
- CVE-2025-55551HIGHCVSS 7.5EG 7.5✓ Fixed in 2.9.02025-09-25
vulnerable: 1.0.0 ... 2.8.0 (42 versions)
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
- CVE-2025-55552HIGHCVSS 7.5EG 5.3✓ Fixed in 2.9.02025-09-25
vulnerable: 1.0.0 ... 2.8.0 (42 versions)
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
- CVE-2025-55553HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7.12025-09-25
vulnerable: 1.0.0 ... 2.7.0 (40 versions)
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
- CVE-2025-55554MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.9.02025-09-25
vulnerable: 1.0.0 ... 2.8.0 (42 versions)
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
- CVE-2025-55557HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7.12025-09-25
vulnerable: 1.0.0 ... 2.7.0 (40 versions)
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
- CVE-2025-55558HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7.12025-09-25
vulnerable: 1.0.0 ... 2.7.0 (40 versions)
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
- CVE-2025-55560HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7.12025-09-25
vulnerable: 1.0.0 ... 2.7.0 (40 versions)
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
- CVE-2025-63396LOWCVSS 3.3EG 3.32025-11-12
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
- CVE-2026-4538MEDIUMCVSS 5.3EG 5.32026-03-22
vulnerable: 1.0.0 ... 2.9.1 (45 versions)
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The e…
Check whether torch is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for torch CVEs against the assets you own.
Start Free Scan →