GHSA-rrmf-rvhw-rf47

Suggest an improvement
Source
https://github.com/advisories/GHSA-rrmf-rvhw-rf47
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-rrmf-rvhw-rf47/GHSA-rrmf-rvhw-rf47.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rrmf-rvhw-rf47
Aliases
Downstream
Related
Published
2025-03-31T15:30:48Z
Modified
2026-06-15T13:59:10.563809285Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
PyTorch is vulnerable to memory corruption through its torch.jit.script function
Details

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-10T18:02:14Z",
    "nvd_published_at": "2025-03-31T15:15:46Z",
    "severity": "LOW",
    "cwe_ids": [
        "CWE-119"
    ]
}
References

Affected packages

PyPI / torch

Package

Name
torch
View open source insights on deps.dev
Purl
pkg:pypi/torch

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.12.0

Affected versions

1.*
1.0.0
1.0.1
1.1.0
1.2.0
1.3.0
1.3.1
1.4.0
1.5.0
1.5.1
1.6.0
1.7.0
1.7.1
1.8.0
1.8.1
1.9.0
1.9.1
1.10.0
1.10.1
1.10.2
1.11.0
1.12.0
1.12.1
1.13.0
1.13.1
2.*
2.0.0
2.0.1
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.8.0
2.9.0
2.9.1
2.10.0
2.11.0
2.12.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-rrmf-rvhw-rf47/GHSA-rrmf-rvhw-rf47.json"