EUVD-2024-1966

Malicious code in bioql PyPI...

EUVD-2025-22763

Malicious code in bioql PyPI...

EUVD-2024-1956

Malicious code in bioql PyPI...

EUVD-2024-0161

Malicious code in bioql PyPI...

EUVD-2024-1907

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-5206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fix...

Linux Distros Unpatched Vulnerability : CVE-2020-13092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes ...

CVE-2025-54413

A flaw was found in skops. An inconsistency in MethodNode allows access to unexpected object fields through dot notation when a specially crafted model file is loaded. This issue allows arbitrary code execution at load time...

CVE-2025-54412

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

TencentOS Server 4: python-scikit-learn (TSSA-2024:0487)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0487 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language ModelsLLMs in code-related tasks, such as testing...

Security Bulletin: Vulnerability in scikit-learn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in scikit-learn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

OPENSUSE-SU-2025:14729-1 python311-scikit-learn-1.6.1-1.1 on GA media

These are all security issues fixed in the python311-scikit-learn-1.6.1-1.1 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-5206 (Medium) detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206

Summary IBM Maximo Application Suite Predict Component uses CVE-2024-5206 Medium detected in scikitlearn-1.1.3-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikitlearn-1.3.2-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001

Summary The following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization...

Scikit-learn Detection

Binary data scikitlearndetect.nbin...

OESA-2024-1745 python-scikit-learn security update

A Python module for machine learning built on top of SciPy Security Fixes: A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the...