Skip to content

sentence-transformers-2.2.2.tar.gz: 18 vulnerabilities (highest severity is: 10.0) #9

Open
Open
sentence-transformers-2.2.2.tar.gz: 18 vulnerabilities (highest severity is: 10.0)#9
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by Mend
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
bot
opened on Nov 10, 2025
Vulnerable Library - sentence-transformers-2.2.2.tar.gz

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/requests-2.32.5.dist-info

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Vulnerabilities

Vulnerability Severity CVSS Exploit Maturity EPSS Dependency Type Fixed in (sentence-transformers version) Remediation Possible** Reachability
CVE-2026-0848 Critical 10.0 Not Defined 0.5% nltk-3.9.2-py3-none-any.whl Transitive 2.3.0
CVE-2025-14009 Critical 10.0 Not Defined 0.6% nltk-3.9.2-py3-none-any.whl Transitive N/A*
CVE-2026-24747 High 8.8 Not Defined 0.0% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive 2.3.0
CVE-2026-0847 High 8.6 Not Defined 0.3% nltk-3.9.2-py3-none-any.whl Transitive 2.3.0
CVE-2026-0846 High 8.6 Not Defined 0.1% nltk-3.9.2-py3-none-any.whl Transitive 2.3.0
CVE-2026-33236 High 8.1 Not Defined 0.0% nltk-3.9.2-py3-none-any.whl Transitive N/A*
CVE-2026-33231 High 7.5 Not Defined 0.1% nltk-3.9.2-py3-none-any.whl Transitive N/A*
CVE-2025-55551 High 7.5 Not Defined 0.1% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive 2.3.0
CVE-2025-68146 Medium 6.3 Not Defined 0.0% filelock-3.19.1-py3-none-any.whl Transitive N/A*
CVE-2026-33230 Medium 6.1 Not Defined 0.0% nltk-3.9.2-py3-none-any.whl Transitive N/A*
CVE-2026-4538 Medium 5.3 Proof of concept 0.0% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive N/A*
CVE-2026-22701 Medium 5.3 Not Defined 0.0% filelock-3.19.1-py3-none-any.whl Transitive 2.3.0
CVE-2025-55552 Medium 5.3 Not Defined 0.1% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive N/A*
CVE-2025-3001 Medium 5.3 Not Defined 0.2% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive N/A*
CVE-2025-2999 Medium 5.3 Not Defined 0.1% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive N/A*
CVE-2025-2998 Medium 5.3 Not Defined 0.1% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive N/A*
CVE-2026-25645 Medium 4.4 Not Defined 0.0% requests-2.32.5-py3-none-any.whl Transitive N/A*
CVE-2025-63396 Low 3.3 Not Defined 0.0% torch-2.8.0-cp310-none-macosx_11_0_arm64.whl Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2026-0848

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.

Publish Date: 2026-03-05

URL: CVE-2026-0848

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.5%

CVSS 3 Score Details (10.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.com/bounties/08b109bb-ac24-403f-9422-1c246ce60202

Release Date: 2026-03-05

Fix Resolution (nltk): 3.9.3

Direct dependency fix Resolution (sentence-transformers): 2.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2025-14009

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as init.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.
Mend Note: The description of this vulnerability differs from MITRE.

Publish Date: 2026-02-18

URL: CVE-2025-14009

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.6%

CVSS 3 Score Details (10.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7p94-766c-hgjp

Release Date: 2026-02-18

Fix Resolution: nltk - 3.9.3

CVE-2026-24747

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's "weights_only" unpickler allows an attacker to craft a malicious checkpoint file (".pth") that, when loaded with "torch.load(..., weights_only=True)", can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

Publish Date: 2026-01-27

URL: CVE-2026-24747

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-01-27

Fix Resolution (torch): 2.10.0

Direct dependency fix Resolution (sentence-transformers): 2.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2026-0847

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.

Publish Date: 2026-03-04

URL: CVE-2026-0847

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-03-04

Fix Resolution (nltk): 3.9.3

Direct dependency fix Resolution (sentence-transformers): 2.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2026-0846

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A vulnerability in the "filestring()" function of the "nltk.util" module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.

Publish Date: 2026-03-09

URL: CVE-2026-0846

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-03-09

Fix Resolution (nltk): 3.9.3

Direct dependency fix Resolution (sentence-transformers): 2.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2026-33236

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the "subdir" and "id" attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences (such as "../"), which can lead to arbitrary directory creation, arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a patches the issue.

Publish Date: 2026-03-20

URL: CVE-2026-33236

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2026-33231

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, "nltk.app.wordnet_app" allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple "GET /SHUTDOWN%20THE%20SERVER" request causes the process to terminate immediately via "os._exit(0)", resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.

Publish Date: 2026-03-20

URL: CVE-2026-33231

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2025-55551

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Publish Date: 2025-09-25

URL: CVE-2025-55551

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2025-09-25

Fix Resolution (torch): 2.9.0

Direct dependency fix Resolution (sentence-transformers): 2.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2025-68146

Vulnerable Library - filelock-3.19.1-py3-none-any.whl

A platform independent file lock.

Library home page: https://files.pythonhosted.org/packages/42/14/42b2651a2f46b022ccd948bca9f2d5af0fd8929c4eec235b8d6d844fbe67/filelock-3.19.1-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/filelock-3.19.1.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl
      • filelock-3.19.1-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended.

Publish Date: 2025-12-16

URL: CVE-2025-68146

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2025-12-16

Fix Resolution: filelock - 3.20.1

CVE-2026-33230

Vulnerable Library - nltk-3.9.2-py3-none-any.whl

Natural Language Toolkit

Library home page: https://files.pythonhosted.org/packages/60/90/81ac364ef94209c100e12579629dc92bf7a709a84af32f8c551b02c07e94/nltk-3.9.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/nltk-3.9.2.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • nltk-3.9.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, "nltk.app.wordnet_app" contains a reflected cross-site scripting issue in the "lookup_..." route. A crafted "lookup_" URL can inject arbitrary HTML/JavaScript into the response page because attacker-controlled "word" data is reflected into HTML without escaping. This impacts users running the local WordNet Browser server and can lead to script execution in the browser origin of that application. Commit 1c3f799607eeb088cab2491dcf806ae83c29ad8f fixes the issue.

Publish Date: 2026-03-20

URL: CVE-2026-33230

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-gfwx-w7gr-fvh7

Release Date: 2026-03-20

Fix Resolution: nltk - 3.9.4

CVE-2026-4538

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

Publish Date: 2026-03-22

URL: CVE-2026-4538

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 0.0%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2026-22701

Vulnerable Library - filelock-3.19.1-py3-none-any.whl

A platform independent file lock.

Library home page: https://files.pythonhosted.org/packages/42/14/42b2651a2f46b022ccd948bca9f2d5af0fd8929c4eec235b8d6d844fbe67/filelock-3.19.1-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/filelock-3.19.1.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl
      • filelock-3.19.1-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3.

Publish Date: 2026-01-10

URL: CVE-2026-22701

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-01-10

Fix Resolution (filelock): 3.20.3

Direct dependency fix Resolution (sentence-transformers): 2.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2025-55552

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Publish Date: 2025-09-25

URL: CVE-2025-55552

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2025-3001

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Publish Date: 2025-03-31

URL: CVE-2025-3001

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2025-2999

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Publish Date: 2025-03-31

URL: CVE-2025-2999

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2025-2998

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Publish Date: 2025-03-31

URL: CVE-2025-2998

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

CVE-2026-25645

Vulnerable Library - requests-2.32.5-py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/requests-2.32.5.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • huggingface_hub-0.36.2-py3-none-any.whl
      • requests-2.32.5-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

Requests is a HTTP library. Prior to version 2.33.0, the "requests.utils.extract_zipped_paths()" utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call "extract_zipped_paths()" directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set "TMPDIR" in their environment to a directory with restricted write access.

Publish Date: 2026-03-25

URL: CVE-2026-25645

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (4.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-03-25

Fix Resolution: https://github.com/psf/requests.git - v2.33.0

CVE-2025-63396

Vulnerable Library - torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Library home page: https://files.pythonhosted.org/packages/ef/d6/e6d4c57e61c2b2175d3aafbfb779926a2cfd7c32eeda7c543925dceec923/torch-2.8.0-cp310-none-macosx_11_0_arm64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/torch-2.8.0.dist-info

Dependency Hierarchy:

  • sentence-transformers-2.2.2.tar.gz (Root Library)
    • torch-2.8.0-cp310-none-macosx_11_0_arm64.whl (Vulnerable Library)

Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f

Found in base branch: main

Vulnerability Details

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

Publish Date: 2025-11-12

URL: CVE-2025-63396

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

In order to enable automatic remediation for this issue, please create workflow rules

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by Mend

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions