Onnx

This hub aggregates every CVE we track for Onnx, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Onnx.

• CVE-2026-34447ONNX: External Data Symlink Traversal5.5Apr 1, 2026
• CVE-2026-34446ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load4.7Apr 1, 2026
• CVE-2026-27489ONNX: Path Traversal via Symlink7.5Apr 1, 2026
• CVE-2026-34445ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.8.6Apr 1, 2026
• CVE-2026-28500ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack8.6Mar 18, 2026
• CVE-2025-51480Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containin...8.8Jul 22, 2025
• CVE-2024-7776Arbitrary File Overwrite in onnx/onnx9.1Mar 20, 2025
• CVE-2024-5187Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx8.8Jun 6, 2024
• CVE-2024-27319Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.4.4Feb 23, 2024
• CVE-2024-27318Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model ...7.5Feb 23, 2024
• CVE-2022-25882Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current direct...7.5Jan 25, 2023