Critical: 0
High: 0
Medium: 1
Low: 0
Secrets: 0
Misconfig: 0
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
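| MEDIUM | CVE-2025-3730 | torch | 2.7.1 | 2.8.0 | Denial of service in `torch.nn.functional.ctc_loss` (aten/src/ATen/native/LossCTC.cpp), CWE-404; local attack vector. The advisory notes that the real existence of this vulnerability is still doubted. CVSS v3: 3.3 (GHSA) / 5.5 (NVD). |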
| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | | | |
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| ✅ No misconfigurations found | | | | |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019cfa60-5734-775a-a21e-8e7091036ca3",
"CreatedAt": "2026-03-17T05:59:03.732484459Z",
"ArtifactID": "sha256:64183c1d438617628dcc3b2e826addce901bf4910f9f35aa6ae0ca05c7d60e33",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-text-to-audio-api.git",
"Branch": "merge-services/vulnerability-fix",
"Commit": "5a348bb1443ebae142740abd47d765cd0db8abf9",
"CommitMsg": "updated requirments",
"Author": "eizen-jenil <jenil.patel@eizen.ai>",
"Committer": "eizen-jenil <jenil.patel@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "PyYAML",
"Identifier": {
"PURL": "pkg:pypi/pyyaml@6.0.3",
"UID": "135ca2fcc9bbd241"
},
"Version": "6.0.3",
"Locations": [
{
"StartLine": 16,
"EndLine": 16
}
],
"AnalyzedBy": "pip"
},
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.42.66",
"UID": "aa2a01c69153228e"
},
"Version": "1.42.66",
"Locations": [
{
"StartLine": 1,
"EndLine": 1
}
],
"AnalyzedBy": "pip"
},
{
"Name": "einops",
"Identifier": {
"PURL": "pkg:pypi/einops@0.8.2",
"UID": "ad8a6a8d7aad49cd"
},
"Version": "0.8.2",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "einops-exts",
"Identifier": {
"PURL": "pkg:pypi/einops-exts@0.0.4",
"UID": "3e1ce2e59fa4d247"
},
"Version": "0.0.4",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.135.1",
"UID": "b44601d82b239dda"
},
"Version": "0.135.1",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "librosa",
"Identifier": {
"PURL": "pkg:pypi/librosa@0.11.0",
"UID": "2b7abd8782925beb"
},
"Version": "0.11.0",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "loguru",
"Identifier": {
"PURL": "pkg:pypi/loguru@0.7.3",
"UID": "539c571ea4d606b0"
},
"Version": "0.7.3",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
},
{
"Name": "munch",
"Identifier": {
"PURL": "pkg:pypi/munch@4.0.0",
"UID": "ef47665f3332b625"
},
"Version": "4.0.0",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nltk",
"Identifier": {
"PURL": "pkg:pypi/nltk@3.9.3",
"UID": "da8338557b1abbd4"
},
"Version": "3.9.3",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@2.4.3",
"UID": "1d17a258fbebb4fa"
},
"Version": "2.4.3",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "omegaconf",
"Identifier": {
"PURL": "pkg:pypi/omegaconf@2.3.0",
"UID": "34e980ea6fb43cf8"
},
"Version": "2.3.0",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "phonemizer",
"Identifier": {
"PURL": "pkg:pypi/phonemizer@3.3.0",
"UID": "73f3d79e91df22d2"
},
"Version": "3.3.0",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydub",
"Identifier": {
"PURL": "pkg:pypi/pydub@0.25.1",
"UID": "fd687759e07e9a7d"
},
"Version": "0.25.1",
"Locations": [
{
"StartLine": 12,
"EndLine": 12
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "18dc2bd96eff326f"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 13,
"EndLine": 13
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.2",
"UID": "6da8585f06a74108"
},
"Version": "1.2.2",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-multipart",
"Identifier": {
"PURL": "pkg:pypi/python-multipart@0.0.22",
"UID": "8491132e6e6b835b"
},
"Version": "0.0.22",
"Locations": [
{
"StartLine": 15,
"EndLine": 15
}
],
"AnalyzedBy": "pip"
},
{
"Name": "redis",
"Identifier": {
"PURL": "pkg:pypi/redis@7.3.0",
"UID": "86858f80d911c029"
},
"Version": "7.3.0",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "141cf1da9aed7d2c"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 18,
"EndLine": 18
}
],
"AnalyzedBy": "pip"
},
{
"Name": "soundfile",
"Identifier": {
"PURL": "pkg:pypi/soundfile@0.13.1",
"UID": "13c375f3608846c4"
},
"Version": "0.13.1",
"Locations": [
{
"StartLine": 19,
"EndLine": 19
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torch",
"Identifier": {
"PURL": "pkg:pypi/torch@2.7.1",
"UID": "f84d77a397f4c4aa"
},
"Version": "2.7.1",
"Locations": [
{
"StartLine": 20,
"EndLine": 20
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torchaudio",
"Identifier": {
"PURL": "pkg:pypi/torchaudio@2.7.1",
"UID": "7139638bbf1544f6"
},
"Version": "2.7.1",
"Locations": [
{
"StartLine": 21,
"EndLine": 21
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torchcodec",
"Identifier": {
"PURL": "pkg:pypi/torchcodec@0.10.0",
"UID": "4acc78374b7611fe"
},
"Version": "0.10.0",
"Locations": [
{
"StartLine": 22,
"EndLine": 22
}
],
"AnalyzedBy": "pip"
},
{
"Name": "transformers",
"Identifier": {
"PURL": "pkg:pypi/transformers@5.3.0",
"UID": "40affc4167a181b0"
},
"Version": "5.3.0",
"Locations": [
{
"StartLine": 23,
"EndLine": 23
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.41.0",
"UID": "bc845b78b677b9ab"
},
"Version": "0.41.0",
"Locations": [
{
"StartLine": 24,
"EndLine": 24
}
],
"AnalyzedBy": "pip"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2025-3730",
"VendorIDs": [
"GHSA-887c-mr87-cxwp"
],
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.7.1",
"UID": "f84d77a397f4c4aa"
},
"InstalledVersion": "2.7.1",
"FixedVersion": "2.8.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3730",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:5d57559f9648327d7e9e1af18473ad97924ad36a3e0762c09f2c90d4b4a65ff9",
"Title": "A vulnerability, which was classified as problematic, was found in PyT ...",
"Description": "A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-404"
],
"VendorSeverity": {
"azure": 2,
"bitnami": 2,
"cbl-mariner": 2,
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"bitnami": {
"V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"V40Score": 4.8
},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"V3Score": 3.3,
"V40Score": 4.8
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af",
"https://github.com/pytorch/pytorch/issues/150835",
"https://github.com/pytorch/pytorch/issues/150835#issue-2979082232",
"https://github.com/pytorch/pytorch/pull/150981",
"https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3730",
"https://vuldb.com/?ctiid.305076",
"https://vuldb.com/?id.305076",
"https://vuldb.com/?submit.553645"
],
"PublishedDate": "2025-04-16T21:15:48.7Z",
"LastModifiedDate": "2025-05-28T17:35:54.08Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 0
}
}
]
}