OneflowCVEs & Vulnerabilities

11 CVEs affecting Oneflow products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

oneflow 11
CVE-2025-63397MEDIUM

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.

11 Nov 2025
6.5
CVSS
CVE-2024-36740HIGH

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.

6 Jun 2024
7.5
CVSS
CVE-2024-36735MEDIUM

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.

6 Jun 2024
5.3
CVSS
CVE-2024-36734HIGH

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.

6 Jun 2024
7.5
CVSS
CVE-2024-36732HIGH

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

6 Jun 2024
7.5
CVSS
CVE-2024-36730HIGH

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.

6 Jun 2024
7.5
CVSS
CVE-2024-36745HIGH

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.

6 Jun 2024
7.5
CVSS
CVE-2024-36743HIGH

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.

6 Jun 2024
7.5
CVSS
CVE-2024-36737HIGH

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.

6 Jun 2024
7.5
CVSS
CVE-2024-36736CRITICAL

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.

6 Jun 2024
9.8
CVSS
CVE-2024-36742HIGH

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.

6 Jun 2024
7.5
CVSS
← PrevPage 1 / 1Next →