lightningai CVE Vulnerabilities & Metrics

Focus on lightningai vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About lightningai Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with lightningai. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total lightningai CVEs: 3
Earliest CVE date: 23 Dec 2021, 18:15 UTC
Latest CVE date: 06 Jun 2024, 18:15 UTC

Latest CVE reference: CVE-2024-5452

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical lightningai CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.6

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	1
7.0-8.9	0
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS lightningai CVEs

These are the five CVEs with the highest CVSS scores for lightningai, sorted by severity first and recency.

CVE-2022-0845 lightningai Published on 05 Mar 2022, 22:15 UTC (CVSS: 10.0)
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
CVE-2021-4118 lightningai Published on 23 Dec 2021, 18:15 UTC (CVSS: 6.8)
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
CVE-2024-5452 lightningai Published on 06 Jun 2024, 18:15 UTC (CVSS: 0)
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifyin...

All CVEs for lightningai

CVE-2024-5452 lightningai vulnerability CVSS: 0 06 Jun 2024, 18:15 UTC

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.

CVE-2022-0845 lightningai vulnerability CVSS: 10.0 05 Mar 2022, 22:15 UTC

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

CVE-2021-4118 lightningai vulnerability CVSS: 6.8 23 Dec 2021, 18:15 UTC

pytorch-lightning is vulnerable to Deserialization of Untrusted Data