repository icon
onnx / onnx Project repository

Open standard for machine learning interoperability

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN4 DAYS

FIX

WITHINN/A DAYS

Native stack exhaustion (SIGSEGV) in onnx.inliner via a function-call cycle hidd...
hocinek
self closed
Uncontrolled recursion in ONNX text parser (Parse(TypeProto&)) causes stack-over...
vkehs58-oss
self closed
Uncontrolled recursion in ONNX text parser (Parse(TypeProto&)) causes stack-over...
vkehs58-oss
self closed
Regular Expression Denial of Service (ReDoS) in RegexFullMatch Operator
abdugafforov-bobur
self closed
ONNX checker accepts tensors with data shorter than declared dimensions, leading...
usernamebiasa
self closed
Recursive Stack Exhaustion in ONNX numpy_helper via Deeply Nested Sequences
galanzi2580-wq
self closed
Denial of Service via Unbounded Memory Allocation in Sub-byte Packed Types
surrealgrain
self closed
Integer overflow in sparse tensor dimension product bypasses bounds validation i...
bersechub
self closed
Unchecked integer arithmetic in ParseData causes DoS and silent shape truncation...
jd-admrl-ai
self closed
Arbitrary file overwrite in onnx.model_container.ModelContainer.save() via symli...
9to5ai
self closed
CWE-190: Integer Overflow in Dimension Multiplication Helpers Affects Flatten, T...
marchantdev
self closed
Integer Overflow in Reshape Shape Inference Produces Incorrect Dimensions (CWE-1...
marchantdev
self closed
Heap buffer overread via integer overflow in size_from_dim() used by version con...
kodareef5
duplicate
Medium
Missing input validation in ONNX TensorProto checker enables downstream memory c...
javitoia
pending
Multiple integer overflow vulnerabilities in ONNX tensor validation and shape in...
javitoia
duplicate
High
Heap buffer over-read via negative TensorProto dims in sparse tensor checking
javitoia
pending
Path traversal via startswith prefix bypass in _safe_members tar extraction (mis...
kodareef5
pending
Integer Overflow in Sparse Tensor Linearized Index Calculation
nhomyk
duplicate
Medium
Unbounded Memory Allocation via dim_value in Shape Inference
nhomyk
pending
uuid.uuid1() in convert_model_to_external_data() generates predictable filenames...
kennethkcox
pending
Incomplete Fix Bypass: Path Traversal via Prefix Collision in tarmembers_filter...
snailsploit
pending
Integer overflow in sparse index linearization permits checker lexicographic val...
xeloxa
duplicate
Medium
Raw initializer logic bug: checker-passing models using raw_data can be silently...
xeloxa
pending
Out-of-Bounds Read in ONNX version converter adapters due to missing raw_data le...
xeloxa
duplicate
Medium
Out-of-Bounds Write in ParseData(Tensor*) leads to deterministic crash in ONNX v...
xeloxa
pending
Integer divide-by-zero in ONNX Conv/Pool shape inference causes process crash vi...
imhost00
pending
Path traversal safety check bypass in _tar_members_filter() due to unsafe starts...
elucidator-hky
self closed
ONNX Path Traversal via startswith Prefix Collision. Sorry its supposed to be M...
williamzero9
self closed
Integer Overflow in SpaceToDepth and DepthToSpace Shape Inference Produces Inval...
jdhart81
duplicate
Medium
Integer Overflow in Tile Shape Inference Produces Invalid Negative Dimensions (B...
jdhart81
pending
Integer Overflow in Reshape Shape Inference Produces Invalid Negative Dimensions...
jdhart81
pending
Unbounded Stack Recursion via Self-Recursive Model-Local Functions Crashes Proce...
alrightryanx
pending
Multiple Path Traversal Bypasses in ONNX: external_data symlink escape and tar e...
4ur0n
duplicate
High
Null Pointer Dereference in OneHot Shape Inference
sn1r
pending
Integer Overflow in onnx::ParseData leading to Denial of Service
sn1r
self closed
Out-of-bounds Heap Read in ONNX Version Converter Adapters
sn1r
duplicate
High
Unlimited Graph Nesting Depth in Visitor Pattern Enables Stack Overflow DoS via...
k2ito
pending
Integer Overflow in Dense Tensor Dimension Multiplication Bypasses Checker Valid...
k2ito
duplicate
Critical
Integer Overflow in Model Checker Tensor Validation Allows Malformed Models to P...
avienma007
duplicate
High
Path Traversal in convert_model_to_external_data
kai-agent
duplicate
High
Integer Overflow in ParseData Tensor Dimension Calculation Leading to Validation...
avienma007
duplicate
High
Remote Code Execution and Repository Compromise via `pull_request_target` Workfl...
zitoxxx
pending
Signed Integer Overflow in Sparse Tensor Bounds Check Allows Index Validation By...
zeroxjacks
duplicate
Medium
Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
zeroxjacks
duplicate
Medium
UNC Path Injection for NTLM Hash Theft
rezaduty
pending
Attribute Injection via setattr()
rezaduty
pending
Hub Path Traversal via Manifest
rezaduty
duplicate
Medium
Uncontrolled Resource Consumption and Stack Exhaustion via Crafted ONNX Models
hyperps
pending
[CWE-22] Path Traversal in _tar_members_filter Bypasses CVE-2024-5187 Fix
vnykmshr
duplicate
Low
Arbitrary File Read via ExternalData Hardlink Bypass in onnx.load
zeroxjacks
duplicate
Medium
Object State Corruption and Denial of Service via Unrestricted setattr() in Exte...
zeroxjacks
duplicate
High
Signed Integer Overflow in Sparse Tensor Bounds Check allowing Validation Bypass...
zeroxjacks
duplicate
High
Security Control Bypass in onnx.hub.load via silent=True leading to Silent Suppl...
zeroxjacks
pending
Directory Traversal via startswith() Bypass in _tar_members_filter
optimus-fulcria
pending
Integer Overflow in Tensor Size Validation Bypasses Data Consistency Check in Pa...
shima-coder
duplicate
High
huntr: onnx/onnx