CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

Published Jan 30, 2026

https://github.com/advisories/GHSA-m9p8-wvpp-vmmm

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

Published Jan 30, 2026

https://github.com/advisories/GHSA-m9p8-wvpp-vmmm

CVSS ScoreHigh

7.5


pypi	oneflow	0.0.2
pypi	oneflow	0.0.3
pypi	oneflow	0.6.0
pypi	oneflow	0.7.0
pypi	oneflow	0.8.0
pypi	oneflow	0.9.0

Ecosystem	Package	Version


pypi	oneflow	0.0.2
pypi	oneflow	0.0.3
pypi	oneflow	0.6.0
pypi	oneflow	0.7.0
pypi	oneflow	0.8.0
pypi	oneflow	0.9.0

Find vulnerabilities. Fix fast with AI.

CVE-2025-70999

CVE-2025-70999