45 matches found
EUVD-2025-22762
Malicious code in bioql PyPI...
EUVD-2025-22763
Malicious code in bioql PyPI...
EUVD-2025-23967
Malicious code in bioql PyPI...
EUVD-2024-2133
Malicious code in bioql PyPI...
CVE-2025-54886
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
CVE-2025-54886
The CVE-2025-54886 issue affects the Python library skops, specifically the Card.get_model path. In versions 0.12.0 and earlier, when loading models, Card.get_model does not adequately prevent arbitrary code execution: if a non-.zip file is provided, it silently falls back from the secure skops l...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...
Skops 代码问题漏洞
Skops is a Python library from the Skops project that helps share scikit-learn-based models and put them into production. A code issue vulnerability exists in Skops 0.12.0 and earlier versions that stems from the Card.getmodel function not preventing arbitrary code execution, which could lead to ...
GHSA-378X-6P4F-8JGM SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54886 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54886 Source advisory: SNYK:PYTHON-SKOPS-11509790...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54886 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54886 Source advisory: OSV:GHSA-378X-6P4F-8JGM...
Deserialization of Untrusted Data
Overview skops is an A set of tools to push scikit-learn based models to and pull from Hugging Face Hub Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getmodel function due to insecure pickle loading. An attacker can execute arbitrary code by supplyi...
SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
PT-2025-32333 · Skops · Skops
Name of the Vulnerable Software and Affected Versions: skops versions 0.12.0 and below skops versions prior to 0.13.0 Description: The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for mode...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent operator function handling due to a flaw in OperatorFuncNode that allows untrusted operator methods to be hidden and reused to invoke seemingly safe functions...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to exploitation of the MethodNode class, which allows unexpected attribute access via dot notation during model loading...
CVE-2025-54413
A flaw was found in skops. An inconsistency in MethodNode allows access to unexpected object fields through dot notation when a specially crafted model file is loaded. This issue allows arbitrary code execution at load time...
CVE-2025-54412
A flaw was found in skops. An inconsistency in OperatorFuncNode can hide the execution of untrusted operator methods when a specially crafted model file is loaded. This issue allows arbitrary code execution at load time...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54413 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54413 Source advisory: SNYK:PYTHON-SKOPS-11023249...