VYPR

Ludwig

by Ludwig AI

Source repositories

CVEs (2)

  • CVE-2026-31238, Cri, May 12, 2026
    risk 0.64, cvss 9.8, epss 0.01

    The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load() without enabling the security-restrictive…

  • CVE-2026-31237, Cri, May 12, 2026
    risk 0.64, cvss 9.8, epss 0.01

    The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework automatically determines the file format. If the file is a pickle (.pkl) file, it is…