5 matches found
CVE-2025-54886
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
CVE-2025-54886
The CVE-2025-54886 issue affects the Python library skops, specifically the Card.get_model path. In versions 0.12.0 and earlier, when loading models, Card.get_model does not adequately prevent arbitrary code execution: if a non-.zip file is provided, it silently falls back from the secure skops l...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54886 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54886 Source advisory: OSV:GHSA-378X-6P4F-8JGM...
CVE-2025-54886
creationtimestamp| type| source ---|---|--- 2025-08-07 08:04:15+00:00| published-proof-of-concept| https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm 2025-08-08 02:01:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvu5trlski2a...