Security Advisory

HiddenLayer’s Synaptic Adversarial Intelligence (SAI) team consists of multidisciplinary cybersecurity experts and data scientists dedicated to raising awareness about threats to machine learning and artificial intelligence systems. Our mission is to educate data scientists, MLDevOps teams, and cybersecurity practitioners on evaluating ML/AI vulnerabilities and risks, promoting more security-conscious implementations and deployments.

During our research, we identify numerous vulnerabilities within ML/AI projects. While our research blogs cover those that we consider to be most impactful, some affect only specific projects or use cases. We’ve therefore created this dedicated space to share all of our findings, enabling users within our community to keep updated on new vulnerabilities, including security issues that have not been assigned a CVE.

December 2024

SAI-ADV-2024-004 keras.models.load_model when scanning .h5 files leads to arbitrary code execution December 16, 2024

Bosch AI

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
SAI-ADV-2024-005 keras.models.load_model when scanning .pb files leads to arbitrary code execution December 16, 2024

Bosch AI

A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious payloads. A maliciously crafted .h5 file will execute its payload when run with keras.models.load_model, allowing for a user’s device to be compromised when scanning a downloaded file.

Read More

October 2024

CVE-2024-0129 Unsafe extraction of NeMo archive leading to arbitrary file write October 24, 2024

NVIDIA NeMo

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

September 2024

CVE-2024-45858 Eval on XML parameters allows arbitrary code execution when loading RAIL file September 18, 2024

Guardrails

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-27321 Eval on CSV data allows arbitrary code execution in the MLCTaskValidate class September 12, 2024

Autolabel

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-27320 Eval on CSV data allows arbitrary code execution in the ClassificationTaskValidate class September 12, 2024

Autolabel

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45857 Unsafe deserialization in Datalab leads to arbitrary code execution September 12, 2024

Cleanlab

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45846 Eval on query parameters allows arbitrary code execution in Weaviate integration September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45847 Eval on query parameters allows arbitrary code execution in Vector Database integrations September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45848 Eval on query parameters allows arbitrary code execution in ChromaDB integration September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45849 Eval on query parameters allows arbitrary code execution in SharePoint integration list creation September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45850 Eval on query parameters allows arbitrary code execution in SharePoint integration site column creation September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45851 Eval on query parameters allows arbitrary code execution in SharePoint integration list item creation September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45852 Pickle Load on BYOM model load leads to arbitrary code execution September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45853 Pickle Load on inhouse BYOM model prediction leads to arbitrary code execution September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45854 Pickle Load on inhouse BYOM model describe query leads to arbitrary code execution September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45855 Pickle Load on inhouse BYOM model finetune leads to arbitrary code execution September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-45856 Web UI renders javascript code in ML Engine name leading to XSS September 12, 2024

MindsDB

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

August 2024

SAI-ADV-2024-002 Exec on untrusted LLM output leading to arbitrary code execution on Evaporate integration August 30, 2024

LlamaIndex

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
SAI-ADV-2024-003 Exec on untrusted LLM output leading to arbitrary code execution on Evaporate integration August 12, 2024

LlamaIndex

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

July 2024

CVE-2024-37066 Crafted WiFI network name (SSID) leads to arbitrary command injection July 19, 2024

Wyze Cam V4

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
SAI-ADV-2024-001 Model Deserialization Leads to Code Execution July 11, 2024

Tensorflow Probability

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

June 2024

CVE-2024-37065 Model Deserialization Leads to Code Execution June 4, 2024

Skops

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37064 Pickle Load in Read Pandas Utility Function June 4, 2024

YData-profiling

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37061 Remote Code Execution on Local System via MLproject YAML File June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37060 Pickle Load on Recipe Run Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37059 Cloudpickle Load on PyTorch Model Load Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37058 Cloudpickle Load on Langchain Model Load Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37057 Cloudpickle Load on TensorFlow Keras Model Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37056 Cloudpickle Load on LightGBM SciKit Learn Model Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37055 Pickle Load on Pmdarima Model Load Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37054 Cloudpickle Load on PyFunc Model Load Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37053 Pickle Load on Sklearn Model Load Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37052 Cloudpickle Load on Sklearn Model Load Leading to Code Execution June 4, 2024

MLflow

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37063 XSS Injection in HTML Profile Report Generation June 1, 2024

YData-profiling

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-37062 Pickle Load in Serialized Profile Load June 1, 2024

YData-profiling

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

April 2024

CVE-2024-34073 Command Injection in CaptureDependency Function April 30, 2024

AWS Sagemaker

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-34072 Numpy defaults to allowing Pickle to be run when content type is NPY or NPZ April 30, 2024

AWS Sagemaker

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-27322 R-bitrary Code Execution Through Deserialization Vulnerability April 1, 2024

R

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

February 2024

CVE-2024-27319 Out of bounds read due to lack of string termination in assert February 23, 2024

ONNX

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-27318 Path sanitization bypass leading to arbitrary read February 23, 2024

ONNX

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-24591 Path Traversal on File Download Leading to Arbitrary Write February 6, 2024

ClearML

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-24595 Credentials Stored in Plaintext in MongoDB Instance February 1, 2024

ClearML

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-24594 Web Server Renders User HTML Leading to XSS February 1, 2024

ClearML

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-24593 Cross-site Request Forgery in ClearML Server February 1, 2024

ClearML

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-24592 Improper Auth Leading to Arbitrary Read-Write Access February 1, 2024

ClearML

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More
CVE-2024-24590 Pickle Load on Artifact Get Leading to Code Execution February 1, 2024

ClearML

keras.models.load_model when scanning .h5 files leads to arbitrary code execution CVE Number SAI-ADV-2024-004 Summary A vulnerability exists inside the unsafe_check_h5 function within the watchtower/src/utils/model_inspector_util.py file. This function runs keras.models.load_model on the .h5 file the user wants to scan for malicious...

Read More

HiddenLayer, a Gartner recognized Cool Vendor for AI Security, is the leading provider of Security for AI. Its security platform helps enterprises safeguard the machine learning models behind their most important products. HiddenLayer is the only company to offer turnkey security for AI that does not add unnecessary complexity to models and does not require access to raw data and algorithms. Founded by a team with deep roots in security and ML, HiddenLayer aims to protect enterprise’s AI from inference, bypass, extraction attacks, and model theft. The company is backed by a group of strategic investors, including M12, Microsoft’s Venture Fund, Moore Strategic Ventures, Booz Allen Ventures, IBM Ventures, and Capital One Ventures.

Book a Demo

Security Advisory

December 2024

SAI-ADV-2024-004 keras.models.load_model when scanning .h5 files leads to arbitrary code execution December 16, 2024

SAI-ADV-2024-005 keras.models.load_model when scanning .pb files leads to arbitrary code execution December 16, 2024

October 2024

CVE-2024-0129 Unsafe extraction of NeMo archive leading to arbitrary file write October 24, 2024

September 2024

CVE-2024-45858 Eval on XML parameters allows arbitrary code execution when loading RAIL file September 18, 2024

CVE-2024-27321 Eval on CSV data allows arbitrary code execution in the MLCTaskValidate class September 12, 2024

CVE-2024-27320 Eval on CSV data allows arbitrary code execution in the ClassificationTaskValidate class September 12, 2024

CVE-2024-45857 Unsafe deserialization in Datalab leads to arbitrary code execution September 12, 2024

CVE-2024-45846 Eval on query parameters allows arbitrary code execution in Weaviate integration September 12, 2024

CVE-2024-45847 Eval on query parameters allows arbitrary code execution in Vector Database integrations September 12, 2024

CVE-2024-45848 Eval on query parameters allows arbitrary code execution in ChromaDB integration September 12, 2024

CVE-2024-45849 Eval on query parameters allows arbitrary code execution in SharePoint integration list creation September 12, 2024

CVE-2024-45850 Eval on query parameters allows arbitrary code execution in SharePoint integration site column creation September 12, 2024

CVE-2024-45851 Eval on query parameters allows arbitrary code execution in SharePoint integration list item creation September 12, 2024

CVE-2024-45852 Pickle Load on BYOM model load leads to arbitrary code execution September 12, 2024

CVE-2024-45853 Pickle Load on inhouse BYOM model prediction leads to arbitrary code execution September 12, 2024

CVE-2024-45854 Pickle Load on inhouse BYOM model describe query leads to arbitrary code execution September 12, 2024

CVE-2024-45855 Pickle Load on inhouse BYOM model finetune leads to arbitrary code execution September 12, 2024

CVE-2024-45856 Web UI renders javascript code in ML Engine name leading to XSS September 12, 2024

August 2024

SAI-ADV-2024-002 Exec on untrusted LLM output leading to arbitrary code execution on Evaporate integration August 30, 2024

SAI-ADV-2024-003 Exec on untrusted LLM output leading to arbitrary code execution on Evaporate integration August 12, 2024

July 2024

CVE-2024-37066 Crafted WiFI network name (SSID) leads to arbitrary command injection July 19, 2024

SAI-ADV-2024-001 Model Deserialization Leads to Code Execution July 11, 2024

June 2024

CVE-2024-37065 Model Deserialization Leads to Code Execution June 4, 2024

CVE-2024-37064 Pickle Load in Read Pandas Utility Function June 4, 2024

CVE-2024-37061 Remote Code Execution on Local System via MLproject YAML File June 4, 2024

CVE-2024-37060 Pickle Load on Recipe Run Leading to Code Execution June 4, 2024

CVE-2024-37059 Cloudpickle Load on PyTorch Model Load Leading to Code Execution June 4, 2024

CVE-2024-37058 Cloudpickle Load on Langchain Model Load Leading to Code Execution June 4, 2024

CVE-2024-37057 Cloudpickle Load on TensorFlow Keras Model Leading to Code Execution June 4, 2024

CVE-2024-37056 Cloudpickle Load on LightGBM SciKit Learn Model Leading to Code Execution June 4, 2024

CVE-2024-37055 Pickle Load on Pmdarima Model Load Leading to Code Execution June 4, 2024

CVE-2024-37054 Cloudpickle Load on PyFunc Model Load Leading to Code Execution June 4, 2024

CVE-2024-37053 Pickle Load on Sklearn Model Load Leading to Code Execution June 4, 2024

CVE-2024-37052 Cloudpickle Load on Sklearn Model Load Leading to Code Execution June 4, 2024

CVE-2024-37063 XSS Injection in HTML Profile Report Generation June 1, 2024

CVE-2024-37062 Pickle Load in Serialized Profile Load June 1, 2024

April 2024

CVE-2024-34073 Command Injection in CaptureDependency Function April 30, 2024

CVE-2024-34072 Numpy defaults to allowing Pickle to be run when content type is NPY or NPZ April 30, 2024

CVE-2024-27322 R-bitrary Code Execution Through Deserialization Vulnerability April 1, 2024

February 2024

CVE-2024-27319 Out of bounds read due to lack of string termination in assert February 23, 2024

CVE-2024-27318 Path sanitization bypass leading to arbitrary read February 23, 2024

CVE-2024-24591 Path Traversal on File Download Leading to Arbitrary Write February 6, 2024

CVE-2024-24595 Credentials Stored in Plaintext in MongoDB Instance February 1, 2024

CVE-2024-24594 Web Server Renders User HTML Leading to XSS February 1, 2024

CVE-2024-24593 Cross-site Request Forgery in ClearML Server February 1, 2024

CVE-2024-24592 Improper Auth Leading to Arbitrary Read-Write Access February 1, 2024

CVE-2024-24590 Pickle Load on Artifact Get Leading to Code Execution February 1, 2024