OSV - Open Source Vulnerabilities

GHSA-q56x-g2fj-4rj6

PyPI/onnx

ONNX: TOCTOU arbitrary file read/write in save_external_dat

01 Apr

Fix available
Severity - 7.1 (High)

GHSA-p433-9wv8-28xj

PyPI/onnx

ONNX: External Data Symlink Traversal

01 Apr

Fix available
Severity - 5.5 (Medium)

GHSA-cmw6-hcpp-c6jp

PyPI/onnx

ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load

01 Apr

Fix available
Severity - 4.7 (Medium)

GHSA-538c-55jv-c5g9

PyPI/onnx

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

01 Apr

Fix available
Severity - 8.6 (High)

GHSA-3r9x-f23j-gc73

PyPI/onnx

onnx Vulnerable to Path Traversal via Symlink

31 Mar

Fix available
Severity - 8.7 (High)

GHSA-hqmj-h5c6-369m

PyPI/onnx

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

16 Mar

Fix available
Severity - 8.6 (High)

GHSA-h36j-8vv3-cj52

PyPI/onnx

Open Neural Network Exchange (ONNX) Path Traversal Vulnerability

20 Mar 2025

Fix available
Severity - 8.1 (High)

PYSEC-2025-10

PyPI/onnx

See record for full details

20 Mar 2025

Fix available
Severity - 9.1 (Critical)

GHSA-6rq9-53c3-f7vj

PyPI/onnx

onnx allows Arbitrary File Overwrite in download_model_with_test_data

06 Jun 2024

Fix available
Severity - 8.8 (High)

GHSA-h8wv-9h96-m4hr

PyPI/onnx

Onnx Out-of-bounds Read vulnerability

23 Feb 2024

Fix available
Severity - 4.4 (Medium)

GHSA-whh8-fjgc-qp73

PyPI/onnx

Onnx Directory Traversal vulnerability

23 Feb 2024

Fix available
Severity - 7.5 (High)

PYSEC-2024-222

PyPI/onnx
github.com/onnx/onnx

See record for full details

23 Feb 2024

Fix available
Severity - 7.5 (High)

PYSEC-2024-223

PyPI/onnx
github.com/onnx/onnx

See record for full details

23 Feb 2024

Fix available
Severity - 9.1 (Critical)

GHSA-ffxj-547x-5j7c

PyPI/onnx

Directory Traversal in onnx

26 Jan 2023

Fix available
Severity - 8.7 (High)

PYSEC-2023-38

PyPI/onnx
github.com/onnx/onnx

See record for full details

26 Jan 2023

Fix available