145 matches found
EUVD-2025-6908
Malicious code in bioql PyPI...
EUVD-2025-6909
Malicious code in bioql PyPI...
EUVD-2025-6905
Malicious code in bioql PyPI...
EUVD-2025-6894
Malicious code in bioql PyPI...
EUVD-2025-6904
Malicious code in bioql PyPI...
EUVD-2025-6907
Malicious code in bioql PyPI...
EUVD-2025-6899
Malicious code in bioql PyPI...
EUVD-2025-5038
Malicious code in bioql PyPI...
Deserialization Of Untrusted Data
ms-swift is vulnerable to Deserialization Of Untrusted Data. The vulnerability stems from unsafe pickle deserialization of adapter model files, allowing arbitrary command execution when loading specially crafted adapter models from ModelScope...
CVE-2025-50472
The modelscope/ms-swift library through 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_model_meta function of the ModelFileSystemCache class. Attackers can execute arbitrary code and commands by crafting a malicious serialized .mdl payload,...
SWIFT Security Vulnerability
SWIFT is a large model and multimodal large model fine-tuning deployment framework from ModelScope open source. A security vulnerability exists in SWIFT version 3.3.0, which stems from an unsafe deserialization of yaml.load in the PyYAML library, which could lead to arbitrary code execution...
PT-2025-31646 · Modelscope · Ms-Swift
Name of the Vulnerable Software and Affected Versions: modelscope/ms-swift versions through 2.6.1. Description: The modelscope/ms-swift library is susceptible to arbitrary code execution through the deserialization of untrusted data. This occurs within the load_model_meta function of the...
GHSA-R54C-2XMF-2CF3 MS SWIFT Deserialization RCE Vulnerability
This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...
MS SWIFT Deserialization RCE Vulnerability
This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...
modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by unknown CVE via ms-swift (>=1.3.0 <=3.10.3)
ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R54C-2XMF-2CF3...
modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by CVE-2025-41419 via ms-swift (>=1.3.0 <=3.10.3)
ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: CVE-2025-41419 Source advisory: OSV:GHSA-7C78-RM87-5673...
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Description: A Remote Code Execution (RCE) vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...
modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by CVE-2025-50460 via ms-swift (>=1.3.0 <=3.10.3)
ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: CVE-2025-50460 Source advisory: OSV:GHSA-FM6C-F59H-7MMG...
Exploit for CVE-2025-50460
CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...