Gpt-sovits-webui Security Vulnerabilities and Issues — Gpt-sovits-webui CVE List

Lucene search

Rvc-bossGpt-sovits-webui

9 matches found

CVE•added 2025/07/15 9:15 p.m.•15 views

CVE-2025-49833

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and slice-inp-path takes user input, which is passed to the open_slice function, which concatenates the u...

9.8CVSS7.2AI score0.00243EPSS

CVE•added 2025/07/15 9:15 p.m.•11 views

CVE-2025-49834

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the open_denoise function, which concatenates the ...

9.8CVSS7.3AI score0.00308EPSS

Web

CVE•added 2025/07/15 9:15 p.m.•10 views

CVE-2025-49841

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new,...

9.8CVSS6.5AI score0.00058EPSS

CVE•added 2025/07/15 9:15 p.m.•9 views

CVE-2025-49835

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asr_inp_dir (and a number of other variables) takes user input, which is passed to the open_asr function, which concatenates t...

9.8CVSS7.2AI score0.00243EPSS

CVE•added 2025/07/15 9:15 p.m.•9 views

CVE-2025-49837

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of Aud...

9.8CVSS6.5AI score0.00061EPSS

CVE•added 2025/07/15 9:15 p.m.•8 views

CVE-2025-49838

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance ...

9.8CVSS6.5AI score0.00061EPSS

CVE•added 2025/07/15 9:15 p.m.•8 views

CVE-2025-49840

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user inp...

9.8CVSS6.5AI score0.00058EPSS

CVE•added 2025/07/15 9:15 p.m.•7 views

CVE-2025-49836

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, which concatenates the user input into a command...

9.8CVSS7.2AI score0.00308EPSS

CVE•added 2025/07/15 9:15 p.m.•7 views

CVE-2025-49839

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of Rofo...

9.8CVSS6.5AI score0.00061EPSS