Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Scikit-learn Security Vulnerabilities

cve
cve

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

6.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
25
cve
cve

CVE-2020-28975

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support...

7.5CVSS

7.1AI Score

0.002EPSS

2020-11-21 09:15 PM
90
2
cve
cve

CVE-2020-13092

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the...

9.8CVSS

9.5AI Score

0.01EPSS

2020-05-15 07:15 PM
90