Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Packages you depend on that have known security holes (CVEs).
CVE-2025-32434 PyTorch is a Python package that provides tensor computation with stro ...
CVE-2024-31580 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...
CVE-2024-31583 Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...
CVE-2025-2999 A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...
CVE-2025-3730 A vulnerability, which was classified as problematic, was found in PyT ...
CVE-2025-2953 torch: PyTorch torch.mkldnn_max_pool2d denial of service
CVE-2025-3001 A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...
Your dependencies cross-checked against the OSV vulnerability database.
PYSEC-2026-457 Arbitrary Code Execution in Pillow
PYSEC-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
PYSEC-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command E
PYSEC-2024-48 Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could e
GHSA-3936-cmfr-pm3m Black: Arbitrary file writes from unsanitized user input in cache file name
PYSEC-2023-227 An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of
PYSEC-2026-165 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer
GHSA-44wm-f244-xhp3 Pillow buffer overflow vulnerability
GHSA-j7hp-h8jx-5ppr libwebp: OOB write in BuildHuffmanTable
GHSA-r73j-pqj5-w3x7 Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
PYSEC-2024-251 Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
PYSEC-2024-252 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (D
PYSEC-2025-191 A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service
PYSEC-2025-198 In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
PYSEC-2025-203 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
PYSEC-2025-204 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
PYSEC-2025-205 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
PYSEC-2025-206 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
PYSEC-2025-207 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
PYSEC-2025-208 A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a
PYSEC-2025-209 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
PYSEC-2026-139 A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be pe
GHSA-887c-mr87-cxwp PyTorch Improper Resource Shutdown or Release vulnerability
GHSA-c678-jfcj-6jmf PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument
GHSA-f4hp-rmr7-r7v8 PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.