VYPR

PyPI package

skops

pkg:pypi/skops

Vulnerabilities (4)

  • CVE-2025-54886 | High | Aug 8, 2025
    affected < 0.13.0 | fixed 0.13.0

    skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loadin

  • CVE-2025-54413 | High | Jul 26, 2025
    affected < 0.12.0 | fixed 0.12.0

    skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code

  • CVE-2025-54412 | High | Jul 26, 2025
    affected < 0.12.0 | fixed 0.12.0

    skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse

  • CVE-2024-37065 | High | Jun 4, 2024
    affected >= 0.6, <= 0.9

    Deserialization of untrusted data can occur in versions 0.6 or newer of the skops Python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.