Vulnerabilities > Paddlepaddle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-26 | CVE-2023-38673 | OS Command Injection vulnerability in Paddlepaddle PaddlePaddle before 2.5.0 has a command injection in fs.py. | 9.8 |
| 2023-07-26 | CVE-2023-38670 | NULL Pointer Dereference vulnerability in Paddlepaddle Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. | 7.5 |
| 2023-07-26 | CVE-2023-38671 | Out-of-bounds Write vulnerability in Paddlepaddle Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. | 9.8 |
| 2023-07-26 | CVE-2023-38669 | Use After Free vulnerability in Paddlepaddle Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. | 9.8 |
| 2022-12-07 | CVE-2022-46742 | Code Injection vulnerability in Paddlepaddle 2.4.0 Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | 9.8 |
| 2022-12-07 | CVE-2022-46741 | Out-of-bounds Read vulnerability in Paddlepaddle Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. | 9.1 |
| 2022-11-26 | CVE-2022-45908 | Code Injection vulnerability in Paddlepaddle In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. | 9.8 |
| 2022-07-11 | CVE-2022-31523 | Path Traversal vulnerability in Paddlepaddle Anakin 0.1.0/0.1.1 The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 6.4 |