mlx

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting mlxpage 1 of 1

CVE-2025-62608CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.29.4
2025-11-21
vulnerable: 0.0.10 ... 0.9.1 (45 versions)
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds r…
CVE-2025-62609HIGHCVSS 7.5EG 7.5✓ Fixed in 0.29.4
2025-11-21
vulnerable: 0.0.10 ... 0.9.1 (45 versions)
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is derefer…

Check whether mlx is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mlx CVEs against the assets you own.

Start Free Scan →