VYPR

Skops

by Skops Dev

pypi: skops

Source repositories

CVEs (4)

  • CVE-2024-37065HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.

  • CVE-2025-54413HigJul 26, 2025
    risk 0.50cvss epss 0.00

    skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary…

  • CVE-2025-54412HigJul 26, 2025
    risk 0.50cvss epss 0.00

    skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse…

  • CVE-2025-54886HigAug 8, 2025
    risk 0.48cvss 8.4epss 0.00

    skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model…