29 matches found
CVE-2026-31222
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
CVE-2026-31223
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...
EUVD-2026-29508
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...
b2aiprep (>=0.19.0 <=3.3.3), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31224 via snorkel (>=0.10.0 <=0.9.9)
snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31224 Source advisory: SNYK:PYTHON-SNORKEL-16758048...
b2aiprep (>=0.19.0 <=3.3.3), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31223 via snorkel (>=0.10.0 <=0.9.9)
snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31223 Source advisory: SNYK:PYTHON-SNORKEL-16758051...
b2aiprep (>=0.19.0 <=3.3.3), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31222 via snorkel (>=0.10.0 <=0.9.9)
snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31222 Source advisory: SNYK:PYTHON-SNORKEL-16758049...
EUVD-2026-29506
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
GHSA-FQ92-QC8F-482V Snorkel BaseLabeler.load uses an unsafe pickle.load
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...
GHSA-78CP-F66X-QMH5 Snorkel Trainer.load uses an unsafe torch.load
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
Snorkel Trainer.load uses an unsafe torch.load
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...
Snorkel MultitaskClassifier.load uses an unsafe torch.load
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...
GHSA-GPX5-7XM4-229W Snorkel MultitaskClassifier.load uses an unsafe torch.load
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...
Deserialization of Untrusted Data
Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load function of the BaseLabeler class, which uses the pickle.load method on user-supplied file paths without...
Deserialization of Untrusted Data
Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MultitaskClassifier.load function. An attacker can execute arbitrary code by supplying a maliciously crafted mode...
Deserialization of Untrusted Data
Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer.load function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that ...
CVE-2026-31223
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...
CVE-2026-31224
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...
PT-2026-40061
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weights only=True parameter. This default behavior allows...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...
PT-2026-40063
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weights only=True parameter. This...