Lucene search
+L

94 matches found

osv
osv
added 2026/07/07 4:3 p.m.6 views

PYSEC-2026-1925 SKOPS Card.get_model happily allows arbitrary code execution

Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS6.6AI score0.00212EPSS
Exploits0References7
osv
osv
added 2026/06/26 7:41 a.m.2 views

OPENSUSE-SU-2026:21063-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve

This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References8
osv
osv
added 2026/06/26 7:40 a.m.2 views

SUSE-SU-2026:22370-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve

This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References9
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in joblib

The joblib package from versions 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution through the predispatch flag in the Parallel class, due to the eval statement...

9.8CVSS7.1AI score0.01975EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-23967

Malicious code in bioql PyPI...

8.4CVSS6.3AI score0.00212EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-0128

Malicious code in bioql PyPI...

9.8CVSS7.1AI score0.01975EPSS
Exploits1References20
nessus
nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-34997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is dispute...

7.5CVSS6.2AI score0.00664EPSS
Exploits1References2
veracode
veracode
added 2025/08/28 8:53 a.m.6 views

Arbitrary Code Execution (ACE)

skops is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to Card.getmodel falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...

8.4CVSS7.4AI score0.00212EPSS
Exploits0References5Affected Software1
nessus
nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-21797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS6.9AI score0.01975EPSS
Exploits1References2
nessus
nessus
added 2025/08/26 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-13092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes ...

9.8CVSS8.3AI score0.02645EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/08/08 12:3 a.m.3 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

8.4CVSS7.2AI score0.00212EPSS
Exploits0References2
cvelist
cvelist
added 2025/08/08 12:3 a.m.15 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

8.4CVSS0.00212EPSS
Exploits0References2
osv
osv
added 2025/08/08 12:3 a.m.6 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

8.4CVSS7.9AI score0.00212EPSS
Exploits0References4
github
github
added 2025/08/07 4:42 p.m.8 views

SKOPS Card.get_model happily allows arbitrary code execution

Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS7.7AI score0.00212EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/08/07 4:42 p.m.3 views

GHSA-378X-6P4F-8JGM SKOPS Card.get_model happily allows arbitrary code execution

Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS7.7AI score0.00212EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/08/07 12:0 a.m.10 views

PT-2025-32333

Name of the Vulnerable Software and Affected Versions skops versions 0.12.0 and below skops versions prior to 0.13.0 Description The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for model...

8.4CVSS6.5AI score0.00212EPSS
Exploits0References14
redhatcve
redhatcve
added 2025/05/22 4:57 p.m.15 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.8CVSS7.2AI score0.02645EPSS
Exploits1
ibm
ibm
added 2025/03/26 3:30 a.m.68 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...

9.8CVSS10AI score0.10539EPSS
Exploits13Affected Software1
osv
osv
added 2025/03/20 12:0 a.m.8 views

OPENSUSE-SU-2025:14914-1 python311-joblib-1.4.2-2.1 on GA media

These are all security issues fixed in the python311-joblib-1.4.2-2.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS9.8AI score0.01975EPSS
Exploits1References1
ibm
ibm
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated...

7.5CVSS7.2AI score0.00664EPSS
Exploits1Affected Software1
Rows per page
Query Builder