Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

oneflow

Source -

NVDADP

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

7

CISA CVEs -

0

NVD CVEs -

29
Related CVEsRelated ProductsRelated AssignersReports
29Vulnerabilities found
CVE-2025-71008
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.66%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CVE-2025-71011
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 5.08%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-71009
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 5.08%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-65889
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.12%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-65890
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.12%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-65891
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.18%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-70999
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.90%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-71000
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.90%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-71001
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-71002
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.83%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2025-71003
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-71004
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.48%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-71005
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.83%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-369
Divide By Zero
CVE-2025-71006
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.83%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-369
Divide By Zero
CVE-2025-71007
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-65886
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.12%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-65887
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.67%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-369
Divide By Zero
CVE-2025-65888
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.12%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 00:00
Updated-03 Feb, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-63397
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.05%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 00:00
Updated-31 Dec, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36730
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 19:06
Updated-14 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-36732
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:51
Updated-02 May, 2025 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-36734
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.23%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:44
Updated-02 May, 2025 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36735
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.34%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:41
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2024-36740
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.27%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:40
Updated-01 May, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36736
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.44%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:47
Updated-25 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-682
Incorrect Calculation
CVE-2024-36737
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:43
Updated-02 May, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-229
Improper Handling of Values
CVE-2024-36745
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 37.60%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:16
Updated-25 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.

Action-Not Available
Vendor-oneflown/a
Product-oneflown/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36743
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:12
Updated-02 May, 2025 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-36742
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 37.60%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:10
Updated-02 May, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-20
Improper Input Validation