Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.11 views

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

8.8CVSS6.5AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.15 views

EUVD-2026-29508

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

6.3AI score0.00392EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29506

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-GPX5-7XM4-229W Snorkel MultitaskClassifier.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 6:30 p.m.7 views

GHSA-FQ92-QC8F-482V Snorkel BaseLabeler.load uses an unsafe pickle.load

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

8.8CVSS6.5AI score0.00392EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 4:16 p.m.16 views

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

8.8CVSS0.00392EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 4:16 p.m.14 views

CVE-2026-31224

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40061

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weights only=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.31 views

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

6.5AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40062

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

6.5AI score0.00392EPSS
Exploits0References3
Rows per page
Query Builder