This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate tch

Dependencies

(14 total, 6 outdated)

CrateRequiredLatestStatus
 lazy_static^1.3.01.5.0up to date
 libc^0.2.00.2.172up to date
 ndarray^0.16.10.16.1up to date
 rand^0.80.9.1out of date
 thiserror^12.0.12out of date
 zip^0.62.6.1out of date
 half^22.6.0up to date
 safetensors^0.3.00.5.3out of date
 cpython^0.7.10.7.2up to date
 regex^1.6.01.11.1up to date
 image^0.24.50.25.6out of date
 clap^4.2.44.5.37up to date
 serde_json^1.0.961.0.140up to date
 memmap2^0.6.10.9.5out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.601.0.98up to date

Crate torch-sys

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 libc^0.2.00.2.172up to date

Build dependencies

(6 total, 2 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.601.0.98up to date
 cc^1.21.2.21up to date
 ureq^2.63.0.11out of date
 serde_json^1.01.0.140up to date
 serde^1.01.0.219up to date
 zip^0.62.6.1out of date

Crate pyo3-tch

Dependencies

(1 total, 1 possibly insecure)

CrateRequiredLatestStatus
 pyo3 ⚠️^0.240.24.2maybe insecure

Crate tch-ext

Dependencies

(1 total, 1 possibly insecure)

CrateRequiredLatestStatus
 pyo3 ⚠️^0.240.24.2maybe insecure

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.