Bounties
Partners
Community
Info
apache / tvm
Project repository
Open deep learning compiler stack for cpu, gpu and specialized accelerators
Submit a report
FIRST INTERACTION
WITHIN
8 DAYS
REVIEW
WITHIN
12 DAYS
FIX
WITHIN
N/A DAYS
TVM RPC infrastructure allows arbitrary code execution when loading untrusted .t...
Apr 10th 2025
kerkroups
•
informative
Critical
Insecure Temporary File in Test Module
Nov 11th 2024
ralph13
•
self closed
TVM allows arbitrary loading of malicious remote SO library functions.
Sep 20th 2024
hexian2001
•
self closed
Local File Read (LFI) via download() RPC End Point
Jul 22nd 2024
zpbrent
•
informative
High
Arbitrary File Delete via remove() RPC End Point
Jul 22nd 2024
zpbrent
•
informative
Critical
Arbitrary File Write via upload() RPC End Point
Jun 28th 2024
zpbrent
•
informative
Critical
Use of Cryptographically Weak Pseudo-Random Number Generator
May 27th 2024
kr3ww
•
self closed
Command injection in get_skipped_tests_comment function
May 27th 2024
kr3ww
•
informative
High
Apache TVM presence command execution
Feb 28th 2024
laoquanshi
•
informative
Critical
Dependency confusion due to unsafe use of external pip indexes leads to RCE
Feb 28th 2024
mgamelot
•
informative
Critical
Apache TVM command execution vulnerability
Nov 22nd 2023
laoquanshi
•
not applicable
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
