security/README.md
We regularly publish security advisories about using PaddlePaddle.
Note: In conjunction with these security advisories, we strongly encourage PaddlePaddle users to read and understand PaddlePaddle's security model as outlined in SECURITY.md.
| Advisory Number | Type | Versions affected | Reported by | Additional Information |
|---|---|---|---|---|
| PDSA-2023-023 | Command injection in convert_shape_compare | < 2.6.0 | leeya_bug | |
| PDSA-2023-022 | FPE in paddle.argmin and paddle.argmax | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | |
| PDSA-2023-021 | Null pointer dereference in paddle.crop | < 2.6.0 | Peng Zhou (zpbrent) from Shanghai University | |
| PDSA-2023-020 | Command injection in _wget_download | < 2.6.0 | huntr.com | |
| PDSA-2023-019 | Command injection in get_online_pass_interval | < 2.6.0 | huntr.com and leeya_bug | |
| PDSA-2023-018 | Heap buffer overflow in paddle.repeat_interleave | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-017 | FPE in paddle.amin | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-016 | Stack overflow in paddle.linalg.lu_unpack | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-015 | FPE in paddle.lerp | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-014 | FPE in paddle.topk | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-013 | Stack overflow in paddle.searchsorted | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-012 | Segfault in paddle.put_along_axis | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-011 | Null pointer dereference in paddle.nextafter | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-010 | Segfault in paddle.mode | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-009 | FPE in paddle.linalg.eig | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-008 | Segfault in paddle.dot | < 2.6.0 | Tong Liu of CAS-IIE | |
| PDSA-2023-007 | FPE in paddle.linalg.matrix_rank | < 2.6.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-006 | FPE in paddle.nanmedian | < 2.6.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-005 | Command injection in fs.py | < 2.5.0 | Xiaochen Guo from Huazhong University of Science and Technology | |
| PDSA-2023-004 | FPE in paddle.linalg.matrix_power | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-003 | Heap buffer overflow in paddle.trace | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-002 | Null pointer dereference in paddle.flip | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-001 | Use after free in paddle.diagonal | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2022-002 | Code injection in paddle.audio.functional.get_window | = 2.4.0-rc0 | Tong Liu of ShanghaiTech University | |
| PDSA-2022-001 | OOB read in gather_tree | < 2.4 | Wang Xuan(王旋) of Qihoo 360 AIVul Team |