CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

EUVD-2025-23369

Malicious code in bioql PyPI...

CVE-2025-50460

A remote code execution RCE vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...

CVE-2025-50460

A remote code execution RCE vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...

CVE-2025-50460

A remote code execution RCE vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...

CVE-2025-50460

A remote code execution RCE vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...

CVE-2025-50460

The CVE-2025-50460 entry describes an RCE in the ms-swift project (v3.3.0) caused by unsafe deserialization in tests/run.py via yaml.load() with PyYAML

CVE-2025-50472

The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadmodelmeta function of the ModelFileSystemCache class. Attackers can execute arbitrary code and commands by crafting a malicious serialized .mdl payload,...

scepter (>=1.1.0 <=1.4.1) potentially affected by unknown CVE via ms-swift (=3.10.3)

ms-swift PYPI version =3.10.3 is affected by a known vulnerability. The following packages have a transitive dependency on ms-swift and may be impacted: - scepter =1.1.0, =1.4.1 Source cves: unknown CVE Source advisory: SNYK:PYTHON-MSSWIFT-11502610...

GHSA-R54C-2XMF-2CF3 MS SWIFT Deserialization RCE Vulnerability

This appears to be a security vulnerability report describing a remote code execution RCE exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...

Deserialization of Untrusted Data

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.load function. An attacker can execute arbitrary commands by uploading a maliciously crafted adapter model file tha...

MS SWIFT Deserialization RCE Vulnerability

This appears to be a security vulnerability report describing a remote code execution RCE exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...

modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by unknown CVE via ms-swift (>=1.3.0 <=3.10.3)

ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R54C-2XMF-2CF3...

scepter (>=1.1.0 <=1.4.1) potentially affected by CVE-2025-41419 via ms-swift (=3.10.3)

ms-swift PYPI version =3.10.3 is affected by a known vulnerability. The following packages have a transitive dependency on ms-swift and may be impacted: - scepter =1.1.0, =1.4.1 Source cves: CVE-2025-41419 Source advisory: SNYK:PYTHON-MSSWIFT-11502591...

GHSA-7C78-RM87-5673 MS SWIFT WEB-UI RCE Vulnerability

I. Detailed Description: This includes scenarios, screenshots, vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link. 1. Install ms-swift pip...

modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by CVE-2025-41419 via ms-swift (>=1.3.0 <=3.10.3)

ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: CVE-2025-41419 Source advisory: OSV:GHSA-7C78-RM87-5673...

Deserialization of Untrusted Data

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...

MS SWIFT Remote Code Execution via unsafe PyYAML deserialization

Description A Remote Code Execution RCE vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library ≤ 5.3.1. The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...

modelscope (>=1.9.0 <=1.9.1), scepter (>=0.0.1 <=1.4.1) potentially affected by CVE-2025-50460 via ms-swift (>=1.3.0 <=3.10.3)

ms-swift PYPI version =1.3.0, =1.9.0, =0.0.1, =1.4.1 Source cves: CVE-2025-50460 Source advisory: OSV:GHSA-FM6C-F59H-7MMG...