11 matches found
EUVD-2025-13514
Malicious code in bioql PyPI...
EUVD-2025-6786
Malicious code in bioql PyPI...
CVE-2025-49840
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...
CVE-2025-43850
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43850
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43845 GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input e.g. a path to a model and passes it to changeinfo function, which opens and reads the file on the given path...
CVE-2025-43844 GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...
CVE-2025-43843 GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7 and f0method8 take user input and pass it into the extractf0feature function, which concatenates them into a command th...
CVE-2025-43842 GHSL-2025-012_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7, trainsetdir4 and sr2 take user input and pass it to the preprocessdataset function, which concatenates them into a...
PT-2025-19766 · Unknown · Retrieval-Based-Voice-Conversion-Webui
Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI, a voice changing framework based on VITS, is susceptible to unsafe deserialization. The model choose variable accepts...