| CVE-2026-34447 |
unknown |
— |
— |
|
|
|
2mo ago |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows read… |
| CVE-2026-34446 |
unknown |
— |
— |
|
|
|
2mo ago |
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load |
| CVE-2026-34445 |
unknown |
— |
— |
|
|
|
2mo ago |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to loa… |
| CVE-2026-27489 |
unknown |
— |
— |
|
|
|
2mo ago |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outsi… |
| CVE-2026-28500 |
unknown |
— |
— |
|
|
|
3mo ago |
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to impro… |
| CVE-2024-7776 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal at… |
| CVE-2025-51480 |
unknown |
— |
— |
|
|
|
2y ago |
onnx allows Arbitrary File Overwrite in download_model_with_test_data |
| CVE-2024-5187 |
unknown |
— |
— |
|
|
|
2y ago |
onnx allows Arbitrary File Overwrite in download_model_with_test_data |
| CVE-2024-27319 |
unknown |
— |
— |
|
|
|
2y ago |
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
|
| CVE-2024-27318 |
unknown |
— |
— |
|
|
|
2y ago |
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model cu… |
| CVE-2022-25882 |
unknown |
— |
— |
|
|
|
3y ago |
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current director… |
