# 飞桨安全公告

我们在此定期发布飞桨安全公告。



注：我们非常建议飞桨用户阅读和理解[SECURITY_cn.md](../SECURITY_cn.md)所介绍的飞桨安全模型，以便更好地了解此安全公告。


| 安全公告编号                                          | 类型                                                   |    受影响版本     | 报告者                                                             | 备注 |
|-------------------------------------------------|------------------------------------------------------|:------------:|-----------------------------------------------------------------|----|
| [PDSA-2023-005](./advisory/pdsa-2023-005_cn.md) | Command injection in fs.py                           |   < 2.5.0    | Xiaochen Guo from Huazhong University of Science and Technology |    |
| [PDSA-2023-004](./advisory/pdsa-2023-004_cn.md) | FPE in paddle.linalg.matrix_power                    |   < 2.5.0    | Tong Liu of ShanghaiTech University                             |    |
| [PDSA-2023-003](./advisory/pdsa-2023-003_cn.md) | Heap buffer overflow in paddle.trace                 |   < 2.5.0    | Tong Liu of ShanghaiTech University                             |    |
| [PDSA-2023-002](./advisory/pdsa-2023-002_cn.md) | Null pointer dereference in paddle.flip              |   < 2.5.0    | Tong Liu of ShanghaiTech University                             |    |
| [PDSA-2023-001](./advisory/pdsa-2023-001_cn.md) | Use after free in paddle.diagonal                    |   < 2.5.0    | Tong Liu of ShanghaiTech University                             |    |
| [PDSA-2022-002](./advisory/pdsa-2022-002_cn.md) | Code injection in paddle.audio.functional.get_window | = 2.4.0-rc0  | Tong Liu of ShanghaiTech University                             |    |
| [PDSA-2022-001](./advisory/pdsa-2022-001_cn.md) | OOB read in gather_tree                              |    < 2.4     | Wang Xuan(王旋) of Qihoo 360 AIVul Team                           |    |