
paddlepaddle — Vulnerabilities & Security Advisories (31)

Browse all 31 CVE security advisories affecting paddlepaddle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PaddlePaddle is an open-source deep learning platform developed by Baidu, primarily utilized for building and deploying machine learning models in enterprise environments. Its architecture involves complex computational graphs and extensive integration with underlying system libraries, which has historically exposed it to various vulnerability classes. Security audits have identified thirty-one Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, buffer overflows, and improper input validation within its C++ core components. These flaws often stem from insufficient bounds checking in tensor operations or insecure handling of serialized model data. While no widespread, high-profile incidents have disrupted global infrastructure, the sheer volume of disclosed issues highlights significant technical debt in legacy modules. Developers are advised to maintain strict version control and apply patches promptly to mitigate risks associated with these known weaknesses in the framework’s execution engine.

Top products by paddlepaddle: PaddlePaddle, paddlepaddle/paddle
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-1603 | confirmed | paddlepaddle/paddle | CWE-73 | 8.1 | - | 2024-03-23 |
| CVE-2024-0818 | PaddlePaddle path traversal vulnerability | paddlepaddle/paddle | CWE-22 | 9.1 (AI) | Critical (AI) | 2024-03-07 |
| CVE-2024-0917 | paddlepaddle code injection vulnerability | paddlepaddle/paddle | CWE-94 | 8.1 (AI) | High (AI) | 2024-03-07 |
| CVE-2024-0815 | PaddlePaddle OS command injection vulnerability | paddlepaddle/paddle | CWE-78 | 9.8 (AI) | Critical (AI) | 2024-03-07 |
| CVE-2024-0817 | PaddlePaddle command injection vulnerability | paddlepaddle/paddle | CWE-77 | 8.4 (AI) | High (AI) | 2024-03-07 |
| CVE-2024-0521 | Code Injection in paddlepaddle/paddle | paddlepaddle/paddle | CWE-94 | 9.8 | - | 2024-01-20 |
| CVE-2023-52314 | Command injection in convert_shape_compare | PaddlePaddle | CWE-78 | 9.6 | Critical | 2024-01-03 |
| CVE-2023-52313 | FPE in paddle.argmin and paddle.argmax | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-52312 | Null pointer dereference in paddle.crop | PaddlePaddle | CWE-476 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-52311 | Command injection in _wget_download | PaddlePaddle | CWE-78 | 9.6 | Critical | 2024-01-03 |
| CVE-2023-52310 | Command injection in get_online_pass_interval | PaddlePaddle | CWE-78 | 9.6 | Critical | 2024-01-03 |
| CVE-2023-52309 | Heap buffer overflow in paddle.repeat_interleave | PaddlePaddle | CWE-120 | 8.2 | High | 2024-01-03 |
| CVE-2023-52308 | FPE in paddle.amin | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-52307 | Stack overflow in paddle.linalg.lu_unpack | PaddlePaddle | CWE-120 | 8.2 | High | 2024-01-03 |
| CVE-2023-52306 | FPE in paddle.lerp | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-52305 | FPE in paddle.topk | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-52304 | Stack overflow in paddle.searchsorted | PaddlePaddle | CWE-120 | 8.2 | High | 2024-01-03 |
| CVE-2023-52303 | Segfault in paddle.put_along_axis | PaddlePaddle | CWE-476 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-52302 | Segfault in paddle.nextafter | PaddlePaddle | CWE-476 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-38678 | Segfault in paddle.mode | PaddlePaddle | CWE-125 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-38677 | FPE in paddle.linalg.eig | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-38676 | Segfault in paddle.dot | PaddlePaddle | CWE-476 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-38675 | FPE in paddle.linalg.matrix_rank | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-38674 | FPE in paddle.nanmedian | PaddlePaddle | CWE-369 | 4.7 | Medium | 2024-01-03 |
| CVE-2023-38673 | Command injection in fs.py | PaddlePaddle | CWE-78 | 9.6 | Critical | 2023-07-26 |
| CVE-2023-38672 | FPE in paddle.linalg.matrix_power | PaddlePaddle | CWE-369 | 4.7 | Medium | 2023-07-26 |
| CVE-2023-38671 | Heap buffer overflow in paddle.trace | PaddlePaddle | CWE-120 | 8.3 | High | 2023-07-26 |
| CVE-2023-38670 | Null pointer dereference in paddle.flip | PaddlePaddle | CWE-476 | 4.7 | Medium | 2023-07-26 |
| CVE-2023-38669 | PaddlePaddle resource management error vulnerability | PaddlePaddle | CWE-416 | 8.3 | High | 2023-07-26 |
| CVE-2022-46742 | PaddlePaddle code injection vulnerability | PaddlePaddle | CWE-94 | 10.0 | Critical | 2022-12-07 |

This page lists every published CVE security advisory associated with paddlepaddle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.