VYPR

Ms Swift

by Modelscope

Source repositories

CVEs (4)

  • CVE-2025-50472CriAug 1, 2025
    risk 0.64cvss 9.8epss 0.01

    The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and commands by crafting a malicious…

  • CVE-2025-50460CriAug 1, 2025
    risk 0.57cvss 9.8epss 0.02

    A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to…

  • CVE-2025-41419medJul 31, 2025
    risk 0.19cvss epss 0.01

    **I. Detailed Description:** This includes scenarios, screenshots, vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link. …

  • CVE-2026-10801LowJun 4, 2026
    risk 0.16cvss 3.6epss 0.00

    A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be…