94 matches found
PYSEC-2026-1925 SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
OPENSUSE-SU-2026:21063-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve
This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...
SUSE-SU-2026:22370-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve
This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...
Astra Linux – Vulnerability in joblib
The joblib package from versions 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution through the predispatch flag in the Parallel class, due to the eval statement...
EUVD-2025-23967
Malicious code in bioql PyPI...
EUVD-2022-0128
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-34997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is dispute...
Arbitrary Code Execution (ACE)
skops is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to Card.getmodel falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2022-21797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
Linux Distros Unpatched Vulnerability : CVE-2020-13092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes ...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
GHSA-378X-6P4F-8JGM SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
PT-2025-32333
Name of the Vulnerable Software and Affected Versions skops versions 0.12.0 and below skops versions prior to 0.13.0 Description The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for model...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
OPENSUSE-SU-2025:14914-1 python311-joblib-1.4.2-2.1 on GA media
These are all security issues fixed in the python311-joblib-1.4.2-2.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated...