10 matches found
EUVD-2024-0161
Malicious code in bioql PyPI...
CVE-2020-13092
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
Security Bulletin: Vulnerability in scikit-learn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in scikit-learn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-5206 (Medium) detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206
Summary: IBM Maximo Application Suite Predict Component uses CVE-2024-5206 (Medium) detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
3deecelltracker (>=0.5.0a0 <=1.0.0), a2g (=2020.0.1) +3973 more potentially affected by CVE-2024-5206 via scikit-learn (>=0.15.2 <=1.4.2)
scikit-learn PYPI version =0.15.2, =0.5.0a0, =0.1.0, =0.1.0, =0.9.2, =0.3.2, =0.9.0.dev1, =1.0.0, =2.0.0, =25.9.23, =26.5.4.post2 - ablation =0.1.0 and more Source cves: CVE-2024-5206 Source advisory: OSV:GHSA-JW8X-6495-233V...
PYSEC-2024-110
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...
GLSA-202301-03 : scikit-learn: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202301-03 (scikit-learn: Denial of Service) - DISPUTED: svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted mod...
a62-emotion (>=0.9.2 <=0.11.4), abdelrahman-obfuscate (>=1.0.0 <=1.0.1) +993 more potentially affected by CVE-2020-28975 via scikit-learn (>=0.23.2 <=1.0.0)
scikit-learn PYPI version =0.23.2, =0.9.2, =1.0.0, =2.0.0, =1.0.32, =0.0.0, =1.2.1, =1.3.3, =0.1.0.dev24560066971, =0.0.2, =0.0.1, =1.3.4, =0.0.1, =0.0.178 and more Source cves: CVE-2020-28975 Source advisory: OSV:GHSA-JXFP-4RVQ-9H9M...
a2ml (>=0.1.0 <=0.1.4), abcpy (=0.5.7) +1061 more potentially affected by CVE-2020-28975 via scikit-learn (>=0.15.2 <=0.23.2)
scikit-learn PYPI version =0.15.2, =0.1.0, =1.0.0, =2.0.0, =1.0.32, =1.1.2, =0.1.2, =1.2.0, =0.1.0.dev24560066971, =0.0.2, =1.1.1, =1.1.7 and more Source cves: CVE-2020-28975 Source advisory: OSV:PYSEC-2020-108...
scikit-learn code issue vulnerability
scikit-learn is an open-source Python-based machine learning package that supports features such as spam detection, image recognition, and prediction of continuous-valued attributes of associations. A code issue vulnerability exists in scikit-learn sklearn 0.23.0 and earlier versions, which can b...