5 matches found
b2aiprep (>=0.19.0 <=3.3.2), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31223 via snorkel (>=0.10.0 <=0.9.9)
snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31223 Source advisory: SNYK:PYTHON-SNORKEL-16758051...
b2aiprep (>=0.19.0 <=3.3.2), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31222 via snorkel (>=0.10.0 <=0.9.9)
snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31222 Source advisory: SNYK:PYTHON-SNORKEL-16758049...
CVE-2026-31224
The CVE-2026-31224 entry concerns the snorkel library up to v0.10.0, where the MultitaskClassifier.load() method deserializes model weights with torch.load() without enabling weights_only=True. This allows untrusted Pickle-based object deserialization, enabling arbitrary code execution when loadi...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the BaseLabeler class’s BaseLabeler.load method, which uses the unsafe...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...