Skip to content

Dependabot alert -> torch Version <= 2.7.1 ( CVE-2025-3730 ) #734

New issue
New issue
Open
Open
Dependabot alert -> torch Version <= 2.7.1 ( CVE-2025-3730 )#734
Labels
bugSomething isn't working
Milestone
1.0
@marctessier

Description

@marctessier
marctessier
opened on Aug 20, 2025

Bug description

We should upgrade torch to the latest stable version 2.8.0.

2.7.1 was the last version release on that branch.

This will resolve the dependabot vulnerability detected below.

https://github.com/EveryVoiceTTS/EveryVoice/security/dependabot/25
( PyTorch Improper Resource Shutdown or Release vulnerability )
CVE-2025-3730

How to reproduce the bug

Error messages and logs

# Error messages and logs here please

Environment

Current environment 
# Please paste the output of `everyvoice --diagnostic` here
# EveryVoice Diagnostic information

More info

see : https://nvd.nist.gov/vuln/detail/CVE-2025-3730

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions