change-analyzer (>=0.14.0 <=0.16.1), mindsdb (>=0.9.1.0 <=1.3.1) potentially affected by CVE-2026-31237 via ludwig (>=0.17.5 <=0.5.5)

ludwig PYPI version =0.17.5, =0.14.0, =0.9.1.0, =1.3.1 Source cves: CVE-2026-31237 Source advisory: SNYK:PYTHON-LUDWIG-17057195...

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weightsonly=True parameter when loading model...