pytorch-lightning
PyPI | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pytorch-lightning
- CVE-2021-4118 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 1.6.0 | 2021-12-23
vulnerable: 0.0.2 ... 1.5.10.post0 (131 versions)
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
- CVE-2022-0845 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.6.0 | 2022-03-05
vulnerable: 0.0.2 ... 1.5.10.post0 (131 versions)
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
- CVE-2026-31221 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-12
vulnerable: 0.0.2 ... 2.6.0.dev0 (219 versions)
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model sta…
- CVE-2026-44484 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-05-14
vulnerable: 2.6.3
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.