CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

GHSA-FQ92-QC8F-482V Snorkel BaseLabeler.load uses an unsafe pickle.load

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

Snorkel BaseLabeler.load uses an unsafe pickle.load

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

EUVD-2026-29507

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

CVE-2026-31223

The snorkel library up to v0.10.0 has a CWE-502 insecure deserialization in BaseLabeler.load() that uses unsafe pickle.load() on user-supplied file paths, enabling a remote attacker to deliver a malicious pickle and achieve arbitrary code execution when loaded. Affected component: BaseLabeler (sn...

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the BaseLabeler class’s BaseLabeler.load method, which uses the unsafe...

PT-2026-40062

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...