Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.13 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29506

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/12 6:30 p.m.10 views

Deserialization of Untrusted Data

Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer.load function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that ...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 4:16 p.m.14 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

6.3AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.31 views

CVE-2026-31222

The Snorkel library prior to v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in Trainer.load(), where model checkpoints are loaded with torch.load() without weights_only=True. This allows deserialization of arbitrary Python objects via Pickle, enabling remote code execution w...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.37 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.27 views

PT-2026-40061

Name of the Vulnerable Software and Affected Versions snorkel versions prior to 0.10.1 Description Insecure deserialization occurs in the Trainer.load method of the Trainer class. The method utilizes torch.load to load model checkpoint files without enabling the weights only=True parameter. This...

8.8CVSS6.4AI score0.00392EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.18 views

Snorkel 安全漏洞

Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the Trainer class’s Trainer.load method, which uses torch.load to load model...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 12:0 a.m.4 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.6AI score0.00392EPSS
Exploits0References4
Rows per page
Query Builder