175 matches found
Deserialization of Untrusted Data
Overview: ai-data-science-team is a package to build and run an AI-powered data science team. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadpickle function in aidatascienceteam/tools/dataloader.py. An attacker can execute arbitrary code by supplying a...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server (reading-plus-ai/mcp-server-data-exploration 0.1.6) in the safeeval function (src/mcpserverds/server.py:108). The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
PT-2025-47331
Name of the Vulnerable Software and Affected Versions: MCP Data Science Server version 0.1.6. Description: A command injection issue exists in the safe eval function (src/mcp server ds/server.py:108) of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...
EUVD-2019-18375
Malware in sbrugna...
EUVD-2018-12665
Malware in sbrugna...
EUVD-2018-12666
Malware in sbrugna...
EUVD-2021-16597
Malware in sbrugna...
EUVD-2019-18376
Malware in sbrugna...
EUVD-2017-6988
Malware in sbrugna...
EUVD-2018-7536
Malware in sbrugna...
EUVD-2018-3255
Malware in sbrugna...
EUVD-2022-52425
Malicious code in bioql PyPI...
CVE-2025-58366
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public unauthenticated /public/catalogs endpoint. Only instances using private Helm repositories, i.e. setting username & password in the...
Engineering Trustworthy Machine-Learning Operations with Zero-Knowledge Proofs
As Artificial Intelligence (AI) systems, particularly those based on machine learning (ML), become integral to high-stakes applications, their probabilistic and opaque nature poses significant challenges to traditional verification and validation methods. These challenges are exacerbated in regulated...
CVE-2021-2138
Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes...
CVE-2018-15665
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts...
CVE-2018-11215
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors...
CVE-2018-20090
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords in the case of local...