CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/05/15 1:57 a.m.•4 views

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.00513EPSS

Exploits0References1

OSV•added 2026/05/12 6:30 p.m.•2 views

GHSA-WCR3-GM9F-F87Q Ludwig framework is vulnerable to insecure deserialization through its predict() method.

9.8CVSS6.3AI score0.00513EPSS

Exploits0References3

EUVD•added 2026/05/12 6:30 p.m.•7 views

EUVD-2026-29560

6.3AI score0.00513EPSS

Exploits0References3

Snyk•added 2026/05/12 6:30 p.m.•3 views

Deserialization of Untrusted Data

Overview ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the predict method. An attacker can execute arbitrary code by supplying a maliciousl...

9.8CVSS6.1AI score0.00513EPSS

Exploits0References2

Github Security Blog•added 2026/05/12 6:30 p.m.•3 views

Ludwig framework is vulnerable to insecure deserialization through its predict() method.

9.8CVSS6.3AI score0.00513EPSS

Exploits0References4Affected Software1

NVD•added 2026/05/12 6:16 p.m.•4 views

CVE-2026-31237

9.8CVSS0.00513EPSS

Exploits0References2

CVE•added 2026/05/12 12:0 a.m.•7 views

CVE-2026-31237

The Ludwig framework (up to version 0.10.4) is reported to be vulnerable to insecure deserialization (CWE-502) in its predict() function. If a user supplies a dataset file path to predict(), Ludwig attempts to determine the file format and, when encountering a pickle (.pkl) file, loads it via pan...

9.8CVSS6.3AI score0.00513EPSS

Exploits0References2