scikit-learn
PyPI: 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting scikit-learn
- CVE-2020-13092 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.23.1 | 2020-05-15
  vulnerable: 0.9 ... 0.23.0 (48 versions)
  scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the j…
- CVE-2020-28975 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.24.dev0 | 2020-11-21
  vulnerable: 0.9 ... 0.23.2 (50 versions)
  svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model pe…
- CVE-2024-5206 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 1.5.0 | 2024-06-06
  vulnerable: 0.10 ... 1.5.0rc1 (61 versions)
  A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of al…