Ludwig framework is vulnerable to insecure deserialization through its predict() method.
The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...
ludwig security vulnerability
Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the predict method, which uses pandas.read_pickle without proper validation when loading pickle files. This coul...
ludwig security vulnerability
Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weights_only=True parameter when loading model...
CVE-2026-31237
The Ludwig framework (up to version 0.10.4) is reported to be vulnerable to insecure deserialization (CWE-502) in its predict() function. If a user supplies a dataset file path to predict(), Ludwig attempts to determine the file format and, when encountering a pickle (.pkl) file, loads it via pan...
2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +272 more potentially affected by CVE-2026-32621 via @apollo/gateway (>=0.10.4 <=2.9.3)
@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2026-32621 Source advisory: OSV:GHSA-PFJJ-6F4P-RVMH...
CVE-2022-35463
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478...
CVE-2022-35470
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x65fc97...
CVE-2022-35469
OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384...
CVE-2022-35462
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0bc3...
CVE-2022-35464
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6171b2...
Oracle Linux 9 : libssh (ELSA-2025-18275)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-18275 advisory. 0.10.4-15 - Rebuild due to broken build auto-tagging 0.10.4-14 - Fix CVE-2025-5318 Resolves: RHEL-111730 Tenable has extracted the preceding description block...
EUVD-2004-1137
Malware in sbrugna...
EUVD-2022-38366
Malicious code in bioql PyPI...
EUVD-2022-38364
Malicious code in bioql PyPI...
EUVD-2025-25141
Malicious code in bioql PyPI...
EUVD-2022-38360
Malicious code in bioql PyPI...
EUVD-2022-38358
Malicious code in bioql PyPI...
EUVD-2022-38348
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-33047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. CVE-2022-33047 Note that Nessus relies on the presence of the packag...
Linux Distros Unpatched Vulnerability : CVE-2022-35477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. CVE-2022-35477 Note that Nessus relies on the presence of...