Home » Database



Compromised PyTorch Dependency Chain


Linux packages for PyTorch’s pre-release version, called Pytorch-nightly, were compromised from December 25 to 30, 2022 by a malicious binary uploaded to the Python Package Index (PyPI) code repository. The malicious binary had the same name as a PyTorch dependency and the PyPI package manager (pip) installed this malicious package instead of the legitimate one.

This supply chain attack, also known as “dependency confusion,” exposed sensitive information of Linux machines with the affected pip-installed versions of PyTorch-nightly. On December 30, 2022, PyTorch announced the incident and initial steps towards mitigation, including the rename and removal of torchtriton dependencies.


AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0202: Software Compromise
  • Lifecycle stages: L02: Data Understanding, L03: Data Preparation, L04: Model Development, L05: Evaluation, L06: Deployment

Affected or Relevant Artifacts

  • Developer:
  • Deployer: PyTorch
  • Artifact Details:

Other information

  • Vulnerability Class: ATLAS Case Study
  • Credits: PyTorch
  • Date Published: 2023-03-31
  • Date Last Modified: 2023-03-31
  • Version: 0.2
  • AVID Entry