skops
PyPI · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting skops (page 1 of 1)
- CVE-2024-37065 | HIGH | CVSS 7.8 | EG 7.8 | 2024-06-04
  Vulnerable: 0.6.0, 0.7.0, 0.7.post0, 0.8.0, 0.9.0
  Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.
- CVE-2025-54412 | HIGH | CVSS 8.7 | EG 0.0 | Fixed in 0.12.0 | 2025-07-26
  Vulnerable: 0.1 ... 0.9.0 (13 versions)
  skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator method…
- CVE-2025-54413 | HIGH | CVSS 8.7 | EG 0.0 | Fixed in 0.12.0 | 2025-07-26
  Vulnerable: 0.1 ... 0.9.0 (13 versions)
  skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. T…
- CVE-2025-54886 | HIGH | CVSS 8.4 | EG 8.4 | Fixed in 0.13.0 | 2025-08-08
  Vulnerable: 0.1 ... 0.9.0 (14 versions)
  skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function suppor…