Lucene search
+L

132 matches found

osv
osv
added 2026/05/12 6:30 p.m.7 views

GHSA-XP5Q-5Q7G-Q26R Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.3AI score0.00497EPSS
Exploits0References3
euvd
euvd
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29552

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References3
euvd
euvd
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29506

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References3
euvd
euvd
added 2026/05/12 6:30 p.m.15 views

EUVD-2026-29508

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

6.3AI score0.00392EPSS
Exploits0References3
osv
osv
added 2026/05/12 6:30 p.m.11 views

GHSA-GPX5-7XM4-229W Snorkel MultitaskClassifier.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References3
osv
osv
added 2026/05/12 6:30 p.m.10 views

GHSA-78CP-F66X-QMH5 Snorkel Trainer.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References3
euvd
euvd
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29502

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

6.3AI score0.00559EPSS
Exploits0References3
nvd
nvd
added 2026/05/12 6:16 p.m.10 views

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS0.00497EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 4:16 p.m.14 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS0.00392EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 4:16 p.m.14 views

CVE-2026-31224

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS0.00392EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 4:16 p.m.10 views

CVE-2026-31214

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

9.8CVSS0.00486EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 4:16 p.m.12 views

CVE-2026-31219

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

8.8CVSS0.00559EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

6.3AI score0.00559EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.7 views

OptiMate 安全漏洞

OptiMate is an AI model optimization tool library developed by Nebuly. There is a security vulnerability in OptiMate. This vulnerability stems from the loadmodel function in the neuralmagictraining.py script, which loads model files using torch.load, without enabling the weightsonly=True paramete...

8.8CVSS6.2AI score0.00559EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

OptiMate 安全漏洞

OptiMate is an AI model optimization tool library developed by Nebuly. There is a security vulnerability in OptiMate. This vulnerability stems from the loadmodel function in the neuralmagictraining.py script, which loads the statedict.pt file using torch.load, without enabling the weightsonly=Tru...

8.8CVSS6.2AI score0.00559EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31219

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

6.3AI score0.00559EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.11 views

PT-2026-40116

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/12 12:0 a.m.6 views

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

6.3AI score0.00497EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

Mamba 安全漏洞

Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.12 views

PT-2026-40125

Name of the Vulnerable Software and Affected Versions Ludwig framework versions prior to 0.10.5 Description The model serving component is subject to insecure deserialization. When initiating a model server via the ludwig serve command, the framework utilizes the torch.load function to load model...

9.8CVSS6.5AI score0.00497EPSS
Exploits0References7
Rows per page
Query Builder