{"data":{"slug":"huggingface-optimum-tpu","name":"optimum-tpu","trust":{"provenance":{"is_fork":false,"github_id":756234502,"owner_type":"Organization","methodology":"github_public_v1","parent_repo":null,"near_duplicate_slugs":[]},"computed_at":"2026-07-11T23:37:57.293Z","maintenance":{"label":"Archived","score":8,"methodology":"github_public_v1","releases_90d":0,"days_since_push":169,"last_release_at":"2024-12-19T10:43:41Z"},"security_summary":{"status":"findings","scanner":"osv@v1","low_count":17,"high_count":0,"last_scan_at":"2026-07-11T23:37:57.841Z","medium_count":3,"scan_profile":"deps","critical_count":1}},"findings":[{"id":"GHSA-3749-ghw9-m3mg","severity":"low","title":"PyTorch susceptible to local Denial of Service","package":"torch@2.5.1","cve":"CVE-2025-2953","location":"requirements.txt"},{"id":"GHSA-53q9-r3pm-6pq6","severity":"critical","title":"PyTorch: `torch.load` with `weights_only=True` leads to remote code execution","package":"torch@2.5.1","cve":"CVE-2025-32434","location":"requirements.txt"},{"id":"GHSA-887c-mr87-cxwp","severity":"medium","title":"PyTorch Improper Resource Shutdown or Release vulnerability","package":"torch@2.5.1","cve":"CVE-2025-3730","location":"requirements.txt"},{"id":"GHSA-c678-jfcj-6jmf","severity":"low","title":"PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument","package":"torch@2.5.1","cve":"CVE-2025-2148","location":"requirements.txt"},{"id":"GHSA-f4hp-rmr7-r7v8","severity":"medium","title":"PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function","package":"torch@2.5.1","cve":"CVE-2025-2998","location":"requirements.txt"},{"id":"GHSA-qfhq-4f3w-5fph","severity":"low","title":"PyTorch is vulnerable to memory corruption through its torch.lstm_cell function","package":"torch@2.5.1","cve":"CVE-2025-3001","location":"requirements.txt"},{"id":"GHSA-rrmf-rvhw-rf47","severity":"low","title":"PyTorch is vulnerable to memory corruption through its torch.jit.script function","package":"torch@2.5.1","cve":"CVE-2025-3000","location":"requirements.txt"},{"id":"GHSA-vgrw-7cvw-pwgx","severity":"medium","title":"PyTorch is vulnerable to memory corruption through its unpack_sequence function","package":"torch@2.5.1","cve":"CVE-2025-2999","location":"requirements.txt"},{"id":"GHSA-x3gm-94wq-g975","severity":"low","title":"PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module","package":"torch@2.5.1","cve":"CVE-2025-2149","location":"requirements.txt"},{"id":"PYSEC-2025-191","severity":"low","title":"PYSEC-2025-191","package":"torch@2.5.1","cve":"CVE-2025-2953","location":"requirements.txt"},{"id":"PYSEC-2025-198","severity":"low","title":"PYSEC-2025-198","package":"torch@2.5.1","cve":"CVE-2025-46148","location":"requirements.txt"},{"id":"PYSEC-2025-203","severity":"low","title":"PYSEC-2025-203","package":"torch@2.5.1","cve":"CVE-2025-55551","location":"requirements.txt"},{"id":"PYSEC-2025-204","severity":"low","title":"PYSEC-2025-204","package":"torch@2.5.1","cve":"CVE-2025-55552","location":"requirements.txt"},{"id":"PYSEC-2025-205","severity":"low","title":"PYSEC-2025-205","package":"torch@2.5.1","cve":"CVE-2025-55553","location":"requirements.txt"},{"id":"PYSEC-2025-206","severity":"low","title":"PYSEC-2025-206","package":"torch@2.5.1","cve":"CVE-2025-55554","location":"requirements.txt"},{"id":"PYSEC-2025-207","severity":"low","title":"PYSEC-2025-207","package":"torch@2.5.1","cve":"CVE-2025-55557","location":"requirements.txt"},{"id":"PYSEC-2025-208","severity":"low","title":"PYSEC-2025-208","package":"torch@2.5.1","cve":"CVE-2025-55558","location":"requirements.txt"},{"id":"PYSEC-2025-209","severity":"low","title":"PYSEC-2025-209","package":"torch@2.5.1","cve":"CVE-2025-55560","location":"requirements.txt"},{"id":"PYSEC-2025-41","severity":"low","title":"PYSEC-2025-41","package":"torch@2.5.1","cve":"CVE-2025-32434","location":"requirements.txt"},{"id":"PYSEC-2026-139","severity":"low","title":"PYSEC-2026-139","package":"torch@2.5.1","cve":"CVE-2026-4538","location":"requirements.txt"},{"id":"PYSEC-2026-1970","severity":"low","title":"PyTorch Improper Resource Shutdown or Release vulnerability","package":"torch@2.5.1","cve":"CVE-2025-3730","location":"requirements.txt"}],"methodology":"github_public_v1"}}