1 files changed, 10 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/development/python-modules/onnx/default.nix b/nixpkgs/pkgs/development/python-modules/onnx/default.nix
index 7d5e27138ecc..bcfd0cf6e3cf 100644
--- a/nixpkgs/pkgs/development/python-modules/onnx/default.nix
+++ b/nixpkgs/pkgs/development/python-modules/onnx/default.nix
@@ -3,6 +3,7 @@
 , buildPythonPackage
 , cmake
 , fetchFromGitHub
+, fetchpatch
 , gtest
 , nbval
 , numpy
@@ -35,6 +36,15 @@ in buildPythonPackage rec {
     hash = "sha256-Jzga1IiUO5LN5imSUmnbsjYtapRatTihx38EOUjm9Os=";
   };
 
+  patches = [
+    ./1.15.0-CVE-2024-27318.patch
+    (fetchpatch {
+      name = "CVE-2024-27319.patch";
+      url = "https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287.patch";
+      hash = "sha256-9X92N9i/hpQjDGe4I/C+FwUcTUTtP2Nf7+pcTA2sXoA=";
+    })
+  ];
+
   nativeBuildInputs = [
     cmake
     pybind11