Skip to main content

Scikit Learn

3 CVEs product

Monthly

CVE-2024-5206 PyPI MEDIUM PATCH This Month

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. Rated medium severity (CVSS 4.7).

Information Disclosure Scikit Learn
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-28975 PyPI HIGH POC PATCH This Week

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Scikit Learn
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-13092 PyPI CRITICAL POC PATCH Act Now

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Scikit Learn
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. Rated medium severity (CVSS 4.7).

Information Disclosure Scikit Learn
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Scikit Learn
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Scikit Learn
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy