PyTorch Vulnerabilities
pip ML Libraries
Risk Score: 85
Total CVEs: 40
Critical: 7
Ecosystem: pip
Last CVE: May 12, 2026
Patch Rate: 7%
Avg Time to Patch: 142d
99,950 stars
27,807 forks
18,504 issues
21,908 dependents
Last push May 17, 2026
OpenSSF Scorecard 6.4/10
Known Vulnerabilities (40 total, page 2 of 2)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2025-2953 | PyTorch: DoS via mkldnn_max_pool2d resource leak | 5.5 | Mar 30, 2025 |
| LOW | CVE-2025-2149 | PyTorch: improper init in quantized sigmoid skews model output | 2.5 | Mar 10, 2025 |
| HIGH | CVE-2025-2148 | PyTorch: memory corruption in JIT profiler callback handler | 7.5 | Mar 10, 2025 |
| CRITICAL | CVE-2024-48063 | PyTorch: RCE via RemoteModule deserialization | 9.8 | Oct 29, 2024 |
| HIGH | CVE-2024-35199 | TorchServe: default gRPC exposure allows unauth inference | 8.2 | Jul 19, 2024 |
| CRITICAL | CVE-2024-35198 | TorchServe: URL bypass enables arbitrary model loading | 9.8 | Jul 19, 2024 |
| CRITICAL | CVE-2024-5452 | pytorch-lightning: RCE via deepdiff Delta deserialization | 9.8 | Jun 6, 2024 |
| MEDIUM | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | 5.5 | Apr 19, 2024 |
| HIGH | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | 7.8 | Apr 17, 2024 |
| MEDIUM | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | 4.0 | Apr 17, 2024 |
| MEDIUM | CVE-2023-48299 | TorchServe: ZipSlip arbitrary file write via model upload | 5.3 | Nov 21, 2023 |
| CRITICAL | CVE-2023-43654 | TorchServe: SSRF + RCE via unrestricted model URL loading | 9.8 | Sep 28, 2023 |
| CRITICAL | CVE-2022-45907 | PyTorch: RCE via unsafe eval in JIT annotations | 9.8 | Nov 26, 2022 |
| CRITICAL | CVE-2022-0845 | pytorch-lightning: code injection enables full RCE | 9.8 | Mar 5, 2022 |
| HIGH | CVE-2021-4118 | pytorch-lightning: deserialization RCE via malicious checkpoint | 7.8 | Dec 23, 2021 |

Showing 26–40 of 40