CVE-2025-43848 GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input e.g. a path to a model and passes it to the changeinfo function in processckpt.py, which uses it...

CVE-2025-43848 GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input e.g. a path to a model and passes it to the changeinfo function in processckpt.py, which uses it...

CVE-2025-43848 GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input e.g. a path to a model and passes it to the changeinfo function in processckpt.py, which uses it...

CVE-2025-43847 GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath2 variable takes user input e.g. a path to a model and passes it to the extractsmallmodel function in processckpt.py, which uses ...

CVE-2025-43845 GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input e.g. a path to a model and passes it to changeinfo function, which opens and reads the file on the given path...