lightning

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting lightningpage 1 of 1

CVE-2024-5452CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.3.3
2024-06-06
vulnerable: 1.8.0 ... 2.3.2 (68 versions)
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The librar…
CVE-2024-5980CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.3.3
2024-06-27
vulnerable: 1.8.0 ... 2.3.2 (68 versions)
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy ma…

Check whether lightning is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for lightning CVEs against the assets you own.

Start Free Scan →