Version 2.6.2

paddlepaddle

Parallel Distributed Deep Learning

Install Instructions

pip install paddlepaddle
Current Version Release Date September 13, 2024
Language Python
Package URL (purl) pkg:pip/paddlepaddle@2.6.2

paddlepaddle Vulnerabilities

CVE CVSS Score CWE(s) EPSS Score EPSS % Impacted Versions
CVE-2022-45908 High 9.8 CWE-94 0.00342 0.72203
  • 2.3.0–2.4.0rc0
  • 1.8.5
CVE-2022-46741 High 9.1 CWE-125 0.00225 0.61446
  • 2.3.0–2.4.0rc0
  • 1.8.5
CVE-2022-46742 High 9.8 CWE-94 0.00367 0.73203
  • 2.3.0–2.4.0rc0
  • 1.8.5
CVE-2023-38669 High 9.8 CWE-416 0.0019 0.5746
  • 2.3.0–2.5.0rc1
  • 1.8.5
CVE-2023-38670 High 7.5 CWE-476 0.00074 0.33573
  • 2.3.0–2.5.0rc1
  • 1.8.5
CVE-2023-38671 High 9.8 CWE-787, CWE-120 0.0019 0.5746
  • 2.3.0–2.5.0rc1
  • 1.8.5
CVE-2023-38672 High 7.5 CWE-369 0.00075 0.34
  • 2.3.0–2.5.0rc1
  • 1.8.5
CVE-2023-38673 High 9.8 CWE-78 0.00128 0.48976
  • 2.3.0–2.5.0rc1
  • 1.8.5
CVE-2023-38674 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-38675 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-38676 High 7.5 CWE-476 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-38677 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-38678 High 7.5 CWE-125 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52302 High 7.5 CWE-476 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52303 High 7.5 CWE-476 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52304 High 9.8 CWE-787, CWE-120 0.00091 0.40377
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52305 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52306 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52307 High 9.8 CWE-787, CWE-120 0.00091 0.40377
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52308 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52309 High 9.8 CWE-787, CWE-120 0.00091 0.40377
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52310 High 9.8 CWE-78 0.00068 0.31275
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52311 High 9.8 CWE-78 0.00068 0.31275
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52312 High 7.5 CWE-476 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52313 High 7.5 CWE-369 0.00046 0.18477
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2023-52314 High 9.8 CWE-78 0.00068 0.31275
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2024-0521 High 7.8 CWE-94 0.00043 0.10302
  • 2.3.0–2.5.2
  • 1.8.5
CVE-2024-0815 High 9.3 CWE-78 0.00043 0.10981
  • 3.0.0b0–3.0.0b2
  • 2.3.0–2.6.2
  • 1.8.5
CVE-2024-0817 High 9.3 CWE-77 0.00043 0.10302
  • 3.0.0b0–3.0.0b2
  • 2.3.0–2.6.2
  • 1.8.5
CVE-2024-0818 High 9.1 CWE-22 0.00044 0.11869
  • 2.3.0–2.6.0
  • 1.8.5
CVE-2024-0917 High 9.4 CWE-94 0.00043 0.10302
  • 3.0.0b0–3.0.0b2
  • 2.3.0–2.6.2
  • 1.8.5
CVE-2024-1603 High 8.2 CWE-73 0.00043 0.10302
  • 3.0.0b0–3.0.0b2
  • 2.3.0–2.6.2
  • 1.8.5

paddlepaddle Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2024-1603 paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2024-0917 remote code execution in paddlepaddle/paddle 2.6.0 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2024-0818 Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2024-0817 Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2024-0815 Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2024-0521 Code Injection in paddlepaddle/paddle 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52314 PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52313 FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52312 Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52311 PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52310 PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52309 Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52308 FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52307 Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52306 FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52305 FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52304 Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52303 Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-52302 Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38678 OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38677 FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38676 Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38675 FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38674 FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38673 PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38672 FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38671 Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38670 Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2023-38669 Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. 2.3.0, 2.4.1, 2.3.1, 2.4.0, 2.4.2, 1.8.5, 2.4.0rc0, 2.5.0rc1 (Show all) Patch → NO_SAFE_VERSION
CVE-2022-46742 Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. 2.3.0, 2.3.1, 1.8.5, 2.4.0rc0, 2.3.2 Patch → NO_SAFE_VERSION
CVE-2022-46741 Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.  2.3.0, 2.3.1, 1.8.5, 2.4.0rc0, 2.3.2 Patch → NO_SAFE_VERSION
CVE-2022-45908 In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. 2.3.0, 2.3.1, 1.8.5, 2.4.0rc0, 2.3.2 Patch → NO_SAFE_VERSION

Dependencies

Packages using versions of paddlepaddle affected by its vulnerabilities

Dependent Packages
httpx
numpy>=1.13
Pillow
decorator
astor
opt-einsum==3.3.0
protobuf>=3.20.2; platform_system != "Windows"
protobuf<=3.20.2,>=3.1.0; platform_system == "Windows"