gitsafehub
github.com/deepseek-ai/deepseek-v3

deepseek-ai/deepseek-v3

scanned 2026-06-27 · git 9b4e978
2 of 6 checks flagged a security issue
🔴 Needs attention
6 checks ran. Start with the "Known OSS vulnerabilities" section below.

Informational scan, not a security audit.


Security checks

Leaked secrets — Gitleaks none found ✓

API keys, passwords or tokens committed into the repo.

Nothing found by this check. ✓

via Gitleaks v8.21.2 · MIT

Vulnerable dependencies — Trivy 20 found · 1 serious

Packages you depend on that have known security holes (CVEs).

  • Serious CVE-2025-32434 PyTorch is a Python package that provides tensor computation with stro ...
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-32434). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-2999 A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2999). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-3730 A vulnerability, which was classified as problematic, was found in PyT ...
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3730). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-11392 transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-11392). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-11393 transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-11393). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-11394 transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-11394). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-12720 Transformers Regular Expression Denial of Service (ReDoS) vulnerability
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-12720). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-1194 Transformers Regular Expression Denial of Service (ReDoS) vulnerability
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-1194). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-2099 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2099). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-3263 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3263). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-3264 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3264). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-3933 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3933). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-5197 transformers: Transformers ReDoS Vulnerability
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-5197). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-6051 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-6051). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-6638 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-6638). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-6921 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-6921). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-1839 transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2026-1839). Fix: Update that package to its patched version.
  • Minor CVE-2025-2953 torch: PyTorch torch.mkldnn_max_pool2d denial of service
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2953). Fix: Update that package to its patched version.
  • Minor CVE-2025-3001 A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3001). Fix: Update that package to its patched version.
  • Minor CVE-2025-3777 transformers: Improper Input Validation in huggingface/transformers
    inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3777). Fix: Update that package to its patched version.

via Trivy v0.70.0 · Apache-2.0

Known OSS vulnerabilities — OSV-Scanner 49 found · 2 serious

Your dependencies cross-checked against the OSV vulnerability database.

  • Serious PYSEC-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-48063). Fix: Update that package to its patched version.
  • Serious PYSEC-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command E
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-32434). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-191 A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2953). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-198 In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-46148). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-203 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55551). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-204 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55552). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-205 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55553). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-206 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55554). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-207 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55557). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-208 A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55558). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-209 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-55560). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-139 A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be pe
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2026-4538). Fix: Update that package to its patched version.
  • Worth fixing GHSA-887c-mr87-cxwp PyTorch Improper Resource Shutdown or Release vulnerability
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3730). Fix: Update that package to its patched version.
  • Worth fixing GHSA-c678-jfcj-6jmf PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2148). Fix: Update that package to its patched version.
  • Worth fixing GHSA-f4hp-rmr7-r7v8 PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2998). Fix: Update that package to its patched version.
  • Worth fixing GHSA-qfhq-4f3w-5fph PyTorch is vulnerable to memory corruption through its torch.lstm_cell function
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3001). Fix: Update that package to its patched version.
  • Worth fixing GHSA-rrmf-rvhw-rf47 PyTorch is vulnerable to memory corruption through its torch.jit.script function
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-3000). Fix: Update that package to its patched version.
  • Worth fixing GHSA-vgrw-7cvw-pwgx PyTorch is vulnerable to memory corruption through its unpack_sequence function
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-2999). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2024-227 Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installati
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-11392). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2024-228 Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected insta
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-11393). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2024-229 Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2024-11394). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-211 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected instal
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-14920). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-212 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-14921). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-213 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installa
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-14924). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-214 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Huggi
    /workdirs/scan-0d25954d-c4fe-4233-93e3-2960b3d5f3c6/inference/requirements.txt
    A package you depend on has a known security hole (CVE-2025-14926). Fix: Update that package to its patched version.
… 24 more not shown

via OSV-Scanner v1.9.2 · Apache-2.0

Risky code patterns — Semgrep none found ✓

Code that can be exploited — injection, hardcoded credentials and similar.

Nothing found by this check. ✓

via Semgrep v1.147.0 · LGPL-2.1

Malicious dependencies — Guarddog none found ✓

Packages that look intentionally malicious — typosquats, sneaky install scripts.

Nothing found by this check. ✓

via Guarddog v2.10.0 · Apache-2.0

Project health

A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.

Project health — OpenSSF Scorecard 10 notes

Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.

  • Worth fixing scorecard-overall OpenSSF Scorecard overall: 3.3/10
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CI-Tests CI-Tests scored 0: 0 out of 11 merged PRs checked by a CI test -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Token-Permissions Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissions
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.

via OpenSSF Scorecard v5.5.0 · Apache-2.0

About these results. Six open-source checks ran in parallel; every finding is tagged with the tool that produced it. The verdict follows a published rule. False positives and false negatives are normal — a clean scan does not mean the code is secure, and a red verdict does not mean the project is compromised.