Bounties
Partners
Community
Info
facebookresearch / faiss
Project repository
A library for efficient similarity search and clustering of dense vectors.
Submit a report
FIRST INTERACTION
WITHIN
N/A DAYS
REVIEW
WITHIN
13 DAYS
FIX
WITHIN
N/A DAYS
Insecure Deserialization in faiss.contrib.rpc allows Remote Arbitrary File Read/...
May 25th 2026
notfound-sec
•
duplicate
Critical
Arbitrary Code Execution via Insecure Deserialization in BigBatchSearcher.read_c...
May 19th 2026
mikeappsec
•
self closed
Integer Overflow in ilpn Deserialization — Missing mul_no_overflow() causes DoS...
Mar 22nd 2026
mscgo
•
self closed
Arbitrary File Read via OnDiskInvertedLists — malicious .index opens any file vi...
Mar 22nd 2026
mscgo
•
self closed
Path traversal via OnDiskInvertedLists filename in read_index allows arbitrary f...
Mar 18th 2026
eistee82
•
self closed
Path traversal via OnDiskInvertedLists filename in read_index allows arbitrary f...
Mar 18th 2026
eistee82
•
self closed
Unsafe pickle.load() in faiss big_batch_search() Checkpoint Enables RCE via Mali...
Mar 18th 2026
odysseypro25-project
•
self closed
Arbitrary code execution via eval() injection in FAISS offline IVF configuration...
Mar 16th 2026
elucidator-hky
•
self closed
Arbitrary code execution via unsafe pickle.load and torch.load(weights_only=Fals...
Mar 16th 2026
elucidator-hky
•
self closed
Arbitrary File Read/Truncation via OnDiskInvertedLists Path Traversal
Mar 8th 2026
alrightryanx
•
self closed
Integer Overflow in ArrayInvertedListsPanorama Deserialization Leading to Heap O...
Mar 3rd 2026
p0her
•
duplicate
Medium
Out-of-Bounds Read and Write via Malicious NNDescent Index in Faiss
May 26th 2026
zitoxxx
•
pending
Arbitrary File Read/Write via OnDiskInvertedLists Deserialized Filename
May 22nd 2026
wernerina
•
duplicate
High
IndexIDMap2 NULL Pointer Dereference in construct_rev_map() During Deserializati...
May 22nd 2026
morecitricacid-coder
•
pending
IndexIDMap NULL Pointer Read in search_ex() via Crafted Index
May 22nd 2026
morecitricacid-coder
•
pending
IndexRaBitQ NULL Pointer Read in distance_to_code_1bit() via Crafted Index
May 22nd 2026
morecitricacid-coder
•
pending
IndexHNSW NULL Pointer Read in VisitedTable::set() via Crafted Index
May 22nd 2026
morecitricacid-coder
•
pending
AdditiveQuantizer NULL Pointer Read in set_derived_values() During Deserializati...
May 22nd 2026
morecitricacid-coder
•
pending
IndexPQ NULL Pointer Read in PQDecoderGeneric::decode() via Crafted Index
May 22nd 2026
morecitricacid-coder
•
pending
IndexLSH NULL Pointer Read in apply_preprocess via Crafted Index
May 21st 2026
morecitricacid-coder
•
pending
IndexFlat NULL Pointer Write via Crafted Index in compute_residual Path
May 21st 2026
morecitricacid-coder
•
pending
Out-of-bounds Heap Read in ScalarQuantizer Codec8bit via Crafted FAISS Index
May 21st 2026
morecitricacid-coder
•
duplicate
None
Out-of-bounds Heap Read in ScalarQuantizer Codec8bit via Crafted FAISS Index
May 21st 2026
morecitricacid-coder
•
duplicate
None
FAISS ScalarQuantizer Codec6bit Out-of-Bounds Heap Read via Crafted Index
May 21st 2026
morecitricacid-coder
•
duplicate
High
Arbitrary File Read via Path Traversal in OnDiskInvertedLists
May 21st 2026
alrightryanx
•
duplicate
Medium
Heap Buffer Overflow via Crafted NNDescent Index
Feb 20th 2026
alrightryanx
•
duplicate
High
Out-of-bounds Heap Read in ScalarQuantizer Codecs via Crafted FAISS Index File
May 20th 2026
morecitricacid-coder
•
duplicate
None
Out-of-bounds Heap Read in ScalarQuantizer Codecs via Crafted FAISS Index File
Feb 19th 2026
morecitricacid-coder
•
self closed
Out-of-bounds Heap Read in ScalarQuantizer Codecs via Crafted FAISS Index File
Feb 19th 2026
morecitricacid-coder
•
self closed
ArrayInvertedLists Sparse idsizes Out-of-Bounds Heap Read via Odd-Length Vector
May 16th 2026
iiviel
•
duplicate
High
Heap-buffer-overflow in ScalarQuantizer decode via crafted .faiss index file
May 13th 2026
cr-itamarhershko
•
duplicate
Medium
READVECTOR macro allows 8TB memory allocation DoS via crafted .faissindex file —...
May 8th 2026
iiviel
•
pending
Out-of-Bounds Heap Read via odd-length sparse idsizes vector in ArrayInvertedLis...
May 8th 2026
iiviel
•
duplicate
High
Integer overflow in NSG graph deserialization leads to heap buffer overflow writ...
Feb 7th 2026
iiviel
•
duplicate
Critical
Arbitrary Code Execution via ```pickle.load()``` on Attacker-Supplied Checkpoin...
Feb 1st 2026
abdallaabdalrhman
•
duplicate
High
RPC Server Sends Unrestricted Pickle — Attacker-Controlled Server Achieves RCE o...
Feb 1st 2026
abdallaabdalrhman
•
duplicate
Critical
Integer Overflow in BinaryHash Bitstring Buffer Allocation
May 2nd 2026
abdallaabdalrhman
•
pending
FAISS IndexBinaryHash BitstringReader Out-of-bounds Read Vulnerability
Feb 1st 2026
mia-718ai
•
duplicate
High
Integer Overflow in Panorama IVF Leads to Heap Buffer Overflow
May 2nd 2026
abdallaabdalrhman
•
pending
Arbitrary File Read via Path Traversal in ```OnDiskInvertedLists``` Filename Des...
May 2nd 2026
abdallaabdalrhman
•
pending
Heap Out-of-Bounds Write via Crafted NSG Index — Arbitrary Code Execution Path
Feb 7th 2026
abdallaabdalrhman
•
duplicate
Critical
Out-of-Bounds Heap Read in read_ArrayInvertedLists_sizes() via Odd-Length Sparse...
May 2nd 2026
abdallaabdalrhman
•
duplicate
High
FAISS Benchmark Framework Unsafe Pickle Deserialization leads to Remote Code Exe...
Feb 1st 2026
mia-718ai
•
duplicate
High
FAISS index_factory std::stoi Exception Handling - Denial of Service
May 1st 2026
mia-718ai
•
pending
FAISS rev_swig_ptr() Use-After-Free Due to Unsafe numpy Array Creation from C++...
May 1st 2026
mia-718ai
•
pending
FAISS IndexIVFFlatDedup Deserialization Heap Buffer Over-read Vulnerability
May 1st 2026
mia-718ai
•
pending
Heap-Based Buffer Overflow in faiss::imbalance_factor() Leading to Remote Denial...
Apr 28th 2026
ahmtbrt07
•
duplicate
Critical
Unvalidated `n_levels` allows division-by-zero crash in Panorama-based indexes
Mar 3rd 2026
f00dat
•
duplicate
High
Heap Buffer Overflow in FAISS IVF via imbalance_factor()
Apr 2nd 2026
hyperps
•
pending
FAISS Python API: Externally-Controlled Format String leads to DOS
Mar 29th 2026
prodigysec
•
pending
Faiss NSG Deserialization OOB Write
Feb 7th 2026
somet2mes
•
duplicate
High
Parallel exception masking in OpenMP loops hides failures (CWE-703)
Dec 16th 2025
happyjesterr
•
self closed
Null pointer dereference in GenericDistanceComputer::operator() causes process c...
Dec 16th 2025
happyjesterr
•
self closed
Unmanaged raw pointer allocations may leak memory on exception paths in Faiss (r...
Dec 16th 2025
happyjesterr
•
self closed
Denial of Service via unbounded pickle deserialization in FAISS RPC ( contrib/rp...
Feb 1st 2026
0init
•
duplicate
Medium
Client-side RCE via Unsafe Pickle Deserialization in FAISS contrib/rpc.py (Res...
Sep 18th 2025
0init
•
duplicate
High
Integer Overflow in FAISS IndexBinary::search_and_reconstruct Leading to Memory...
Oct 23rd 2025
elexs1zz
•
duplicate
High
Integer Overflow in Binary Search Midpoint Calculation Leading to Out-of-Bounds...
Oct 4th 2025
joelindra
•
pending
Faiss C API: Heap Buffer Overflow in IndexIVF (invlists_get_ids)
Jul 12th 2025
thevilledev
•
pending
Faiss C API: Uninitialized Memory in faiss_Index_sa_code_size Leading to Potenti...
Jun 21st 2025
thevilledev
•
pending
Bypass of RestrictedUnpickler in RPC Module Leads to Remote Code Execution
Feb 3rd 2025
shenaow
•
informative
Critical
Buffer Overflow
Oct 21st 2024
azqzazq1
•
informative
High
Insecure Temporary File
May 23rd 2024
h2oa
•
not applicable
Malicious file loaded to RCE in big_batch_search
Feb 28th 2024
supersuperbang
•
informative
High
Floating Point Exception in index_factory
May 17th 2023
r3pwnx
•
pending
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
