36 matches found
CVE-2026-10766
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10766
The vulnerability CVE-2026-10766 affects mlrun up to 1.12.0-rc3, specifically the function mlrun.utils.helpers.calculate_dataframe_hash in DataFrame Hash Handler. The issue arises from a manipulation that leads to the use of a weak hash. Exploitation is possible only from a local environment, wit...
CVE-2026-10766
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
EUVD-2026-34177
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10705
A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...
PT-2026-46056
Name of the Vulnerable Software and Affected Versions mlrun versions prior to 1.12.0-rc3 Description The DataFrame Hash Handler component contains an issue in the calculate dataframe hash function within the mlrun/utils/helpers.py file. This allows for the use of a weak hash, which can be...
actix-web-opentelemetry (>=0.2.0 <=0.17.0), alopex-dataframe (=0.2.0) +197 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)
thrift CARGO version =0.0.4, =0.2.0, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.2.1, =0.5.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...
Arbitrary Code Injection
Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Arbitrary Code Injection via the /save-column-filter endpoint due to the improper validation of input to pandas' DataFrame.query used to construct Column filters. An attacker can...
Arbitrary Code Execution
Langroid is vulnerable to Arbitrary Code Execution. The vulnerability is due to literalok returning False instead of raising an error along with unrestricted access to dangerous dunder attributes, which allows an attacker to chain DataFrame methods to expose the eval builtin and execute arbitrary...
EUVD-2022-6611
Malicious code in bioql PyPI...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
Arbitrary Code Injection
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection through the computefromdocs process. An attacker can execute arbitrary code by manipulating the input data to the QueryPlan.dataframecalc method. Remediati...
Undefined Behavior for Input to API
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the dataframe component. An attacker can cause a server crash and denial of service by uploading a maliciousl...
Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
CVE-2024-10569
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
CVE-2024-10569 Zip Bomb Vulnerability in gradio-app/gradio
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
CVE-2024-9880
Removed by vendor...
CVE-2024-9880
...