amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), anymodality (=0.1.0) +27 more potentially affected by CVE-2026-1777 via sagemaker (>=1.52.1 <=2.254.1)

sagemaker PYPI version =1.52.1, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =0.2.8, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =1.0.1 and more Source cves: CVE-2026-1777 Source advisory: OSV:GHSA-RJRP-M2JW-PV9C...

al-for-design (=0.0.1), autogluon (>=0.0.4 <=0.5.3b20221114) +42 more potentially affected by CVE-2024-12216 via gluoncv (>=0.10.3.post0 <=0.9.0)

gluoncv PYPI version =0.10.3.post0, =0.0.4, =0.0.15b20201024, =0.0.15b20201024, =0.0.15b20201024, =1.0.0, =0.1.1, =0.1.0, =0.0.6, =0.0.3, =0.0.1, =0.0.20 - monk-colab =0.0.1 - monk-colab-test =0.0.1 - monk-cpu =0.0.1 - monk-cpu-test =0.0.11 and more Source cves: CVE-2024-12216 Source advisory:...

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +124 more potentially affected by unknown CVE via ray (>=2.0.0 <=2.41.0)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.2.2, =1.1.1, =0.5.3b20221011, =0.1.1b20230324, =0.4.2 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-RAY-9055245...

anymodality (=0.1.0), autogluon-cloud (>=0.1.1b20230324 <=0.2.1b20230929) +19 more potentially affected by CVE-2024-34073 via sagemaker (>=1.52.1 <=2.207.1)

sagemaker PYPI version =1.52.1, =0.1.1b20230324, =0.9.0, =0.2.8, =1.97.0.dev0, =1.0.0, =1.0.0, =0.7.3, =0.1.2, =0.0.9, =0.1.6, =0.2.0, =0.5.1 and more Source cves: CVE-2024-34073 Source advisory: OSV:GHSA-7PC3-PR3Q-58VG...

autogluon (>=0.5.0 <=0.5.1b20220718), autogluon-text (>=0.5.0 <=0.5.1b20220718) +1 more potentially affected by unknown CVE via autogluon-multimodal (>=0.5.0 <=0.5.1b20220718)

autogluon-multimodal PYPI version =0.5.0, =0.5.0, =0.5.0, =1.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-6H2X-4GJF-JC5W...

GHSA-6H2X-4GJF-JC5W autogluon.multimodal vulnerable to unsafe YAML deserialization

Impact A potential unsafe deserialization issue exists within the autogluon.multimodal module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of untrusted data may allow an unprivileged third party to cause remote code execution, denial of service, and...

autogluon.multimodal vulnerable to unsafe YAML deserialization

Impact A potential unsafe deserialization issue exists within the autogluon.multimodal module, where YAML files are loaded via yaml.load instead of yaml.safeload. The deserialization of untrusted data may allow an unprivileged third party to cause remote code execution, denial of service, and...

anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2022-0845 via pytorch-lightning (>=0.10.0 <=1.5.9)

pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2022-0845 Source advisory: OSV:GHSA-R5QJ-CVF9-P85H...