Supply Chain Incident
PyTorch nightly dependency confusion compromise
A malicious torchtriton package on PyPI was installed by some PyTorch nightly users because it shadowed an expected dependency name.
Confidence: High
Evidence Level: Vendor
Attack Stage: Dependency Resolution
Source Artifact Divergence: No
Affected Packages
Affected Releases
No structured records.
Repositories
Organizations
Maintainers
No structured records.
Threat Actors
No structured records.
Campaigns
No structured records.
Build Systems
- PyTorch nightly build pipeline
Distribution Channels
- PyPI
Compromised Accounts
No structured records.
Connected Entities
- PyPI Distribution Channel
- PyTorch Organization
- PyTorch nightly build pipeline Build System
- pytorch/pytorch Repository
- torchtriton Package