VDB
KO
HIGH 7.5

PYSEC-2026-2239

Details

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / onnx
Introduced in: 0 Fixed in: 1.21.0
Fix pip install --upgrade 'onnx>=1.21.0'

References