39 matches found
EUVD-2025-21549
Malicious code in bioql PyPI...
EUVD-2025-21561
Malicious code in bioql PyPI...
EUVD-2025-21558
Malicious code in bioql PyPI...
GPT-SoVITS-WebUI open_slice function command injection vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openslice function, which can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI change_label function command injection vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI changelabel function that can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI Code Issue Vulnerability (CNVD-2025-23582)
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization processing of processckpt.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2025-49837
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...
CVE-2025-49833
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...
CVE-2025-49841
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in processckpt.py. The SoVITSdropdown variable takes user input and passes it to the loadsovitsnew function in processckpt.py. In loadsovitsnew, the...
CVE-2025-49840
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...
CVE-2025-49838
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance o...
CVE-2025-49839
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...
CVE-2025-49837
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...
CVE-2025-49840
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...
CVE-2025-49833
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...
CVE-2025-49841
GPT-SoVITS-WebUI is affected by unsafe deserialization in process_ckpt.py. User input (sovits_path) is passed to torch.load in load_sovits_new, enabling arbitrary code execution. Affected versions: 20250228v3 and prior. At publication, no patched versions are available. No exploitation details ar...
CVE-2025-49841 GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in processckpt.py. The SoVITSdropdown variable takes user input and passes it to the loadsovitsnew function in processckpt.py. In loadsovitsnew, the...
CVE-2025-49840
GPT-SoVITS-WebUI is affected by an unsafe deserialization vulnerability in the component inference_webui.py . In versions 20250228v3 and earlier, the GPT_dropdown input is passed to the function change_gpt_weights , where user input (gpt_path) is used with torch.load , causing unsafe deserializat...
CVE-2025-49839 GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...
CVE-2025-49837
GPT-SoVITS-WebUI (versions 20250228v3 and prior) is affected by an unsafe deserialization vulnerability in vr.py AudioPre. The attack surface involves the model_choose input, which is passed into function uvr, where AudioPre is instantiated with a model_path derived from user input and the .pth e...