795 matches found
CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
CVE-2025-54412
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...
CVE-2025-54413
CVE-2025-54413 affects the Python package skops (versions ≤ 0.11.0) due to an inconsistency in the internal MethodNode, which can be exploited to access arbitrary object fields via dot notation during load. This can lead to arbitrary code execution at load time . The issue is fixed in version 12....
CVE-2025-54413 skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at loa...
CVE-2025-54413 skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at loa...
CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...
CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...
CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...
PT-2025-30944 · Skops · Skops
Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below skops versions prior to 12.0.0 Description: skops is a Python library used for sharing and shipping scikit-learn based models. A vulnerability exists due to an inconsistency in the MethodNode component, allowin...
PT-2025-30943 · Skops +1 · Skops +1
Vulnerability Summary Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below Description: skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-51463 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-51463 Source advisory: SNYK:PYTHON-AIM-10875510...
trinity (>=0.1.0a28 <=0.1.0a36) potentially affected by CVE-2025-29606 via libp2p (>=0.1.1 <=0.1.5)
libp2p PYPI version =0.1.1, =0.1.0a28, =0.1.0a36 Source cves: CVE-2025-29606 Source advisory: SNYK:PYTHON-LIBP2P-10851401...
OESA-2025-1811 python-pycares security update
pycares is a Python module which provides an interface to c-ares.c-ares is a C library that performs DNS requests and name resolutions asynchronously. Security Fixes: pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name...
Information Exposure
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Information Exposure via the authenticateuser function in the /server/endpoints/lollmsauthentication.py file. An attacker can enumerate valid usernames and incrementally guess...
Model Context Protocol (MCP) Python Library Detection
An Model Context Protocol Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid241433; scriptversion"1.7";...
astra-assistants (>=2.3.0 <=2.4.5), fiftyone-mcp-server (>=0.1.0 <=0.1.2) +14 more potentially affected by CVE-2025-53365 via mcp (>=0.9.1 <=1.0.0)
mcp PYPI version =0.9.1, =2.3.0, =0.1.0, =1.2.8, =0.1.0, =1.0.0, =3.0.16, =0.2.0, =0.0.4, =0.0.5 - web-browser-mcp =0.1.1 and more Source cves: CVE-2025-53365 Source advisory: OSV:GHSA-J975-95F5-7WQH...
ROS-20250630-08
A vulnerability in a library for Python that extends the ease of creating, distributing, and installation of Python packages setuptools is related to an input validation error when processing sequences of directory traversal in packageindex.py. Exploitation of the vulnerability could allow an...
CVE-2025-52467
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...
[SECURITY] Fedora 42 Update: mingw-python-setuptools-78.1.1-1.fc42
MinGW Windows Python setuptools library...
CVE-2025-52556
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...