CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

OSV•added 2026/05/12 6:30 p.m.•6 views

GHSA-WCR3-GM9F-F87Q Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.006EPSS

Exploits0References3

Huntr•added 2026/03/17 1:2 a.m.•7 views

Pickle deserialization RCE via pd.read_pickle() bypasses CVE-2024-24590 fix

Summary The fix for CVE-2024-24590 only hardened the type == "pickle" deserialization branch in Artifact.get. A parallel code path for type == "pandas" with contenttype == "application/pickle" calls pd.readpickle without any integrity or safety check. An attacker who uploads a malicious pickle...

8.8CVSS6.6AI score0.02452EPSS

Exploits9

SUSE CVE•added 2023/02/15 3:58 a.m.•3 views

SUSE CVE-2020-13091

pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...

9.8CVSS7.3AI score0.03387EPSS

Exploits1References3

NVD•added 2020/05/15 7:15 p.m.•21 views

CVE-2020-13091

9.8CVSS9.7AI score0.03387EPSS

Exploits1References2

OSV•added 2020/05/15 7:15 p.m.•8 views

CVE-2020-13091

9.8CVSS9.6AI score

Exploits0References2

OSV•added 2020/05/15 7:15 p.m.•3 views

DEBIAN-CVE-2020-13091

9.8CVSS8.5AI score0.03387EPSS

Exploits1References1

UbuntuCve•added 2020/05/15 7:15 p.m.•32 views

CVE-2020-13091

9.8CVSS7.2AI score0.03387EPSS

Exploits1References3

PyPA•added 2020/05/15 7:15 p.m.•6 views

PYSEC-2020-73

DISPUTED pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibilit...

9.8CVSS7.3AI score0.03387EPSS

Exploits1References2Affected Software1

OSV•added 2020/05/15 7:15 p.m.•5 views

UBUNTU-CVE-2020-13091

9.8CVSS7.2AI score0.03387EPSS

Exploits1References4

OSV•added 2020/05/15 7:15 p.m.•12 views

PYSEC-2020-73

9.8CVSS7.2AI score0.03387EPSS

Exploits1References2

Prion•added 2020/05/15 7:15 p.m.•24 views

Design/Logic Flaw

7.5CVSS9.6AI score0.03387EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/05/15 6:41 p.m.•20 views

CVE-2020-13091

9.7AI score0.03387EPSS

Exploits1References2

CVE•added 2020/05/15 6:41 p.m.•213 views

CVE-2020-13091

CVE-2020-13091 affects pandas up to 1.0.3. The vulnerability stems from unsafe deserialization in read_pickle(), which can unserialize a payload and execute commands if reduce invokes os.system. The issue is contingent on using read_pickle() with an untrusted file. Third parties dispute the sever...

9.8CVSS9.6AI score0.03387EPSS

Exploits1References2Affected Software1

Debian CVE•added 2020/05/15 6:41 p.m.•37 views

CVE-2020-13091

9.8CVSS9.7AI score0.03387EPSS

Exploits1

CNVD•added 2018/08/29 12:0 a.m.•3 views

pycparser command execution vulnerability

pycparser is a C parser written in Python. A command execution vulnerability exists in pycparser's pickle.load call to import data within the 'readpickle' function of the LRTable class in the yacc.py file. A remote attacker can exploit this vulnerability to execute arbitrary python commands with...

7.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by