Back to list

Compromise of PyTorch Lightning PyPi Package Versions — CVE-2026-44484

GitHub · GitHub · CVE-2026-44484

ID
CVE-2026-44484
Date
Updated
Activity
Source
GitHub
Vendor
GitHub
Threat
critical
CVSS
9.3

Summary

# Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions **Published:** 2026-04-30 **Last Updated:** 2026-05-12 **Github Advisory:** [CVE-2026-44484](https://github.com/advisories/GHSA-w37p-236h-pfx3) We have identified a security incident affecting certain versions of one of our PyPI packages. ## What happened We have determined that one or more released versions of this package have been…

Product

pip: pytorch-lightning

What to do

General, cautious steps (verify details in the official source):

  • Prioritize patching or mitigation immediately (treat as actively risky).
  • Identify affected product versions in your inventory and verify whether you are impacted.
  • Apply vendor patches/updates or recommended mitigations as soon as available.
  • Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

GitHub GitHub 2026-W20