VYPR

PyPI package

scikit-learn

pkg:pypi/scikit-learn

Vulnerabilities (3)

  • CVE-2024-5206 (Jun 6, 2024)
    affected < 1.5.0; fixed 1.5.0

    A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data wit

  • CVE-2020-28975 (Nov 21, 2020)
    affected >= 0.23.2, < 1.0.1; fixed 1.0.1

    svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in

  • CVE-2020-13092 (May 15, 2020)
    affected <= 0.23.0

    scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as un