8.6 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.
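An audit aid for the issue described above, added here as an example and not code from ONNX or from this tracker: it statically scans Python source for hub.load() calls that disable the warning (silent=True or a non-literal value) while pointing at a repository other than the default. The positional parameter order and the default repository string onnx/models:main are taken from the onnx.hub API; the sample source and the repository name example-org/models are constructed.

```python
import ast

# Default value of the `repo` parameter of onnx.hub.load(). Anything else is
# flagged for review (conservative: equivalent spellings are flagged too).
OFFICIAL_REPO = "onnx/models:main"

def _is_hub_load(func):
    # Matches the call shapes onnx.hub.load(...) and hub.load(...).
    if not (isinstance(func, ast.Attribute) and func.attr == "load"):
        return False
    base = func.value
    name = base.attr if isinstance(base, ast.Attribute) else getattr(base, "id", None)
    return name == "hub"

def _arg(call, name, pos):
    # Fetch an argument by keyword, falling back to its positional slot in
    # load(model, repo, opset, force_reload, silent).
    for kw in call.keywords:
        if kw.arg == name:
            return kw.value
    return call.args[pos] if len(call.args) > pos else None

def find_silenced_loads(source, filename="<src>"):
    """Return sorted (line, repo) pairs for calls that suppress the trust prompt."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and _is_hub_load(node.func)):
            continue
        silent = _arg(node, "silent", 4)
        if silent is None or (isinstance(silent, ast.Constant) and not silent.value):
            continue  # warning and confirmation prompt remain active
        repo = _arg(node, "repo", 1)
        if repo is None or (isinstance(repo, ast.Constant) and repo.value == OFFICIAL_REPO):
            continue  # default repository
        findings.append((node.lineno, repo.value if isinstance(repo, ast.Constant) else "<dynamic>"))
    return sorted(findings)

# Constructed sample source, not taken from any real project.
SAMPLE = '''\
import onnx
from onnx import hub
a = onnx.hub.load("resnet50")
b = hub.load("resnet50", repo="example-org/models:main")
c = hub.load("m", repo="example-org/models:main", silent=True)
d = onnx.hub.load("m", user_repo, None, False, True)
e = hub.load("m", silent=True)
'''

if __name__ == "__main__":
    for line, repo in find_silenced_loads(SAMPLE):
        print(f"line {line}: silent hub.load() from repo {repo}")
```

Each finding is a call site where the repository should be pinned to a reviewed source or the silent argument removed so the prompt is shown again.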
Affected products
- <= 1.20.1
Matching in nixpkgs
pkgs.onnx
Open Neural Network Exchange
pkgs.onnxruntime
Cross-platform, high performance scoring engine for ML models
pkgs.sherpa-onnx
Speech-to-text, text-to-speech, and speaker recognition using next-gen Kaldi with onnxruntime
pkgs.pkgsRocm.onnxruntime
Cross-platform, high performance scoring engine for ML models
pkgs.pkgsRocm.sherpa-onnx
Speech-to-text, text-to-speech, and speaker recognition using next-gen Kaldi with onnxruntime
pkgs.python312Packages.onnx
Open Neural Network Exchange
pkgs.python313Packages.onnx
Open Neural Network Exchange
pkgs.python314Packages.onnx
Open Neural Network Exchange
pkgs.python312Packages.tf2onnx
Convert TensorFlow, Keras, Tensorflow.js and Tflite models to ONNX
- nixos-25.11 tf2onnx-1.16.1
- nixos-25.11-small tf2onnx-1.16.1
- nixpkgs-25.11-darwin tf2onnx-1.16.1
pkgs.python313Packages.onnx-ir
Efficient in-memory representation for ONNX, in Python
pkgs.python313Packages.tf2onnx
Convert TensorFlow, Keras, Tensorflow.js and Tflite models to ONNX
- nixos-unstable tf2onnx-1.16.1
- nixpkgs-unstable tf2onnx-1.16.1
- nixos-unstable-small tf2onnx-1.16.1
- nixos-25.11 tf2onnx-1.16.1
- nixos-25.11-small tf2onnx-1.16.1
- nixpkgs-25.11-darwin tf2onnx-1.16.1
pkgs.python314Packages.onnx-ir
Efficient in-memory representation for ONNX, in Python
pkgs.python312Packages.onnxslim
Toolkit to Help Optimize Onnx Model
pkgs.python312Packages.skl2onnx
Convert scikit-learn models to ONNX
- nixos-25.11 skl2onnx-1.19.1
- nixos-25.11-small skl2onnx-1.19.1
- nixpkgs-25.11-darwin skl2onnx-1.19.1
pkgs.python313Packages.onnx-asr
Lightweight Automatic Speech Recognition using ONNX models
pkgs.python313Packages.onnxslim
Toolkit to Help Optimize Onnx Model
pkgs.python313Packages.skl2onnx
Convert scikit-learn models to ONNX
- nixos-unstable skl2onnx-1.19.1
- nixpkgs-unstable skl2onnx-1.19.1
- nixos-unstable-small skl2onnx-1.19.1
- nixos-25.11 skl2onnx-1.19.1
- nixos-25.11-small skl2onnx-1.19.1
- nixpkgs-25.11-darwin skl2onnx-1.19.1
pkgs.python314Packages.onnx-asr
Lightweight Automatic Speech Recognition using ONNX models
pkgs.python314Packages.onnxslim
Toolkit to Help Optimize Onnx Model
pkgs.python314Packages.skl2onnx
Convert scikit-learn models to ONNX
- nixos-unstable skl2onnx-1.19.1
- nixpkgs-unstable skl2onnx-1.19.1
- nixos-unstable-small skl2onnx-1.19.1
pkgs.python313Packages.onnxscript
Naturally author ONNX functions and models using a subset of Python
pkgs.python314Packages.onnxscript
Naturally author ONNX functions and models using a subset of Python
pkgs.python312Packages.onnxmltools
ONNXMLTools enables conversion of models to ONNX
pkgs.python312Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
pkgs.python312Packages.paddle2onnx
ONNX Model Exporter for PaddlePaddle
- nixos-25.11 paddle2onnx-2.0.1
- nixos-25.11-small paddle2onnx-2.0.1
- nixpkgs-25.11-darwin paddle2onnx-2.0.1
pkgs.python313Packages.onnxmltools
ONNXMLTools enables conversion of models to ONNX
pkgs.python313Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
pkgs.python313Packages.sherpa-onnx
Python bindings for sherpa-onnx speech recognition
pkgs.python314Packages.onnxmltools
ONNXMLTools enables conversion of models to ONNX
pkgs.python314Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
pkgs.python314Packages.sherpa-onnx
Python bindings for sherpa-onnx speech recognition
pkgs.python313Packages.optimum-onnx
Export your model to ONNX and run inference with ONNX Runtime
pkgs.python314Packages.optimum-onnx
Export your model to ONNX and run inference with ONNX Runtime
pkgs.pkgsRocm.python3Packages.onnx-ir
Efficient in-memory representation for ONNX, in Python
pkgs.pkgsRocm.python3Packages.tf2onnx
Convert TensorFlow, Keras, Tensorflow.js and Tflite models to ONNX
- nixos-unstable tf2onnx-1.16.1
- nixpkgs-unstable tf2onnx-1.16.1
- nixos-unstable-small tf2onnx-1.16.1
- nixos-25.11 tf2onnx-1.16.1
- nixos-25.11-small tf2onnx-1.16.1
- nixpkgs-25.11-darwin tf2onnx-1.16.1
pkgs.pkgsRocm.python3Packages.onnx-asr
Lightweight Automatic Speech Recognition using ONNX models
pkgs.pkgsRocm.python3Packages.onnxscript
Naturally author ONNX functions and models using a subset of Python
pkgs.python312Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
pkgs.python313Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
pkgs.python314Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
pkgs.pkgsRocm.python3Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
pkgs.pkgsRocm.python3Packages.sherpa-onnx
Python bindings for sherpa-onnx speech recognition
pkgs.pkgsRocm.python3Packages.optimum-onnx
Export your model to ONNX and run inference with ONNX Runtime
pkgs.python312Packages.onnxconverter-common
ONNX Converter and Optimization Tools
pkgs.python312Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
pkgs.python313Packages.onnxconverter-common
ONNX Converter and Optimization Tools
pkgs.python313Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
pkgs.python314Packages.onnxconverter-common
ONNX Converter and Optimization Tools
pkgs.python314Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
Package maintainers
- @cbourjau Christian Bourjau <christianb@posteo.de>
- @puffnfresh Brian McKenna <brian@brianmckenna.org>
- @ck3d Christian Kögler <ck3d@gmx.de>
- @acairncross Aiken Cairncross <acairncross@gmail.com>
- @happysalada Raphael Megzari <raphael@megzari.com>
- @pluiedev Leah Amelia Chen <hi@pluie.me>
- @ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
- @jaredmontoya Jared Montoya
- @GaetanLepage Gaetan Lepage <gaetan@glepage.com>
- @wrvsrx wrvsrx <wrvsrx@outlook.com>
- @ferrine Max Kochurov <justferres@yandex.ru>