Browse all 9 CVE security advisories affecting onnx, with AI-powered Chinese analysis, POCs, and references for each vulnerability.
ONNX (Open Neural Network Exchange) is an open format for machine learning models that enables interoperability across frameworks. Historically, its vulnerabilities have included remote code execution, buffer overflows, and improper input validation, often stemming from insecure parsing of model files. While no major public incidents have been widely documented, the 9 recorded CVEs highlight risks in model processing and serialization. The attack surface also includes the third-party runtime environments and dependencies ONNX relies on, which may introduce additional weaknesses. Validating untrusted models before loading them remains critical, since a malformed model file could lead to arbitrary code execution or system compromise.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34447 | ONNX: External Data Symlink Traversal | onnx | CWE-61 | 5.5 | Medium | 2026-04-01 |
| CVE-2026-34446 | ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load | onnx | CWE-22 | 4.7 | Medium | 2026-04-01 |
| CVE-2026-27489 | ONNX: Path Traversal via Symlink | onnx | CWE-23 | 5.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-34445 | ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings | onnx | CWE-20 | 8.6 | High | 2026-04-01 |
| CVE-2026-28500 | ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack | onnx | CWE-345 | 8.6 | High | 2026-03-18 |
| CVE-2024-7776 | Arbitrary File Overwrite in onnx/onnx | onnx/onnx | CWE-22 | 9.8 | - | 2025-03-20 |
| CVE-2024-5187 | Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx | onnx/onnx | CWE-22 | 8.8 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-27319 | Open Neural Network Exchange Buffer Error Vulnerability | onnx | CWE-125 | 4.4 | Medium | 2024-02-23 |
| CVE-2024-27318 | Open Neural Network Exchange Security Vulnerability | onnx | CWE-22 | 7.5 | High | 2024-02-23 |
This page lists every published CVE security advisory associated with onnx. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.