We regularly publish security advisories about using PaddlePaddle.
Note: In conjunction with these security advisories, we strongly encourage PaddlePaddle users to read and understand PaddlePaddle's security model as outlined in SECURITY.md.
| Advisory Number | Type | Versions affected | Reported by | Additional Information |
|---|---|---|---|---|
| PDSA-2023-005 | Command injection in fs.py | < 2.5.0 | Xiaochen Guo from Huazhong University of Science and Technology | |
| PDSA-2023-004 | FPE in paddle.linalg.matrix_power | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-003 | Heap buffer overflow in paddle.trace | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-002 | Null pointer dereference in paddle.flip | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2023-001 | Use after free in paddle.diagonal | < 2.5.0 | Tong Liu of ShanghaiTech University | |
| PDSA-2022-002 | Code injection in paddle.audio.functional.get_window | = 2.4.0-rc0 | Tong Liu of ShanghaiTech University | |
| PDSA-2022-001 | OOB read in gather_tree | < 2.4 | Wang Xuan(王旋) of Qihoo 360 AIVul Team |