CVE-2026-8755
CVE-2026-8755 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a vulnerability in the Model Handler component. Specifically, the function _get_all_models in hiyoriUI.py enables path traversal. This is a remotely exploitable issue, and an exploit has been...
Bert-VITS2 path traversal vulnerability
Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability, which stems from the _get_all_models function in the hiyoriUI.py file within the Model Handler component. Attackers could potentially exploit this vulnerability remotely...
EUVD-2025-13512
Malicious code in bioql PyPI...
EUVD-2025-13510
Malicious code in bioql PyPI...
GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23576)
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from insecure deserialization of bsroformer.py when receiving serialized data submitted by a user, and can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2025-43845
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input, e.g. a path to a model, and passes it to the changeinfo function, which opens and reads the file on the given path...
CVE-2025-43852 GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input, e.g. a path to a model, and passes it to the uvr function in vr.py. In uvr, if modelname contains t...
CVE-2025-43852
CVE-2025-43852 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project). The vulnerable component is the code path in VR where the model path input is assigned to the AudioPreDeEcho class via the model_name check for the string "DeEcho"; within AudioPreDeEcho, user input is passed to torch.lo...
CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in processckpt.py, which uses them...
CVE-2025-43848 GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input e.g. a path to a model and passes it to the changeinfo function in processckpt.py, which uses it...
CVE-2025-43847 GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath2 variable takes user input e.g. a path to a model and passes it to the extractsmallmodel function in processckpt.py, which uses ...
CVE-2025-43846 GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath1 variable takes user input e.g. a path to a model and passes it to the showinfo function in processckpt.py, which uses it to loa...
CVE-2025-43845 GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input, e.g. a path to a model, and passes it to the changeinfo function, which opens and reads the file on the given path...
CVE-2025-43844 GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...
PT-2024-28624 · Unknown · Bert-Vits2
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier. Description: The issue arises from user input being directly used in a command executed with subprocess.run(cmd, shell=True) in the resample function, leading to arbitrary command execution. This is due to th...
PT-2024-28627 · Bert-Vits · Bert-Vits
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier. Description: The issue is related to the data dir variable, where user input is concatenated with other folders and used to open a new file in the generate config function, leading to a limited file write...