CVE-2022-45907: In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is
Summary
PyTorch versions before trunk/89695 have a vulnerability in the torch.jit.annotations.parse_type_line function that can allow arbitrary code execution (running attacker-controlled commands on a system) because it uses eval unsafely (eval is a Python function that evaluates a string as code, so any untrusted text that reaches it is executed).
Vulnerability Details
9.8 (critical)
EPSS: 0.3%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-45907
First tracked: February 15, 2026 at 08:37 PM