torch
PyPI6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting torchpage 1 of 1
- CVE-2022-45907CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.13.12022-11-26
vulnerable: 1.0.0 ... 1.9.1 (26 versions)
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
- CVE-2024-31580MEDIUMCVSS 4.0EG 4.0✓ Fixed in 2.2.02024-04-17
vulnerable: 1.0.0 ... 2.1.2 (29 versions)
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-31583HIGHCVSS 7.8EG 7.8✓ Fixed in 2.2.02024-04-17
vulnerable: 1.0.0 ... 2.1.2 (29 versions)
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
- CVE-2024-31584MEDIUMCVSS 5.5EG 5.5✓ Fixed in 2.2.02024-04-19
vulnerable: 1.0.0 ... 2.1.2 (29 versions)
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
- CVE-2024-48063CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.5.02024-10-29
vulnerable: 1.0.0 ... 2.4.1 (36 versions)
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
- CVE-2026-4538MEDIUMCVSS 5.3EG 5.32026-03-22
vulnerable: 1.0.0 ... 2.9.1 (45 versions)
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The e…
Check whether torch is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for torch CVEs against the assets you own.
Start Free Scan →