Astra Linux - vulnerability in joblib
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel class due to the eval statement...
EUVD-2025-23967
Malicious code in bioql PyPI...
EUVD-2022-0128
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-34997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper.read_array. NOTE: this is dispute...
Arbitrary Code Execution (ACE)
skops is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to Card.get_model falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2022-21797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel class due to the eval statement...
Linux Distros Unpatched Vulnerability : CVE-2020-13092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes ...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading...
GHSA-378X-6P4F-8JGM SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.get_model method silently falls back to joblib without warning. Unlike the .skops...
SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.get_model method silently falls back to joblib without warning. Unlike the .skops...
PT-2025-32333 · Skops · Skops
Name of the Vulnerable Software and Affected Versions: skops versions 0.12.0 and below skops versions prior to 0.13.0 Description: The Card.get_model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for mode...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
OPENSUSE-SU-2025:14914-1 python311-joblib-1.4.2-2.1 on GA media
These are all security issues fixed in the python311-joblib-1.4.2-2.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated...
Fedora 37 : python-joblib (2022-c83ce1c000)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c83ce1c000 advisory. Security fix for CVE-2022-21797 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997
Summary Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997 Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated attacker to execute arbitrary code on the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to joblib arbitrary code execution vulnerability [CVE-2024-34997]
Summary Potential joblib arbitrary code execution vulnerability CVE-2024-34997 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34997...