Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-3jxq-5xhh-9jr3: Cross-Site Scripting (XSS) in TYPO3 component Backend

Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site Scripting.

ghsa
Open in Source
#xss#git#perl
GHSA-q49c-6v6g-wgq3: Skops unsafe deserialization

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.

GHSA-j8mg-pqc5-x9gj: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

GHSA-wf7f-8fxf-xfxc: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.

GHSA-pqcv-qw2r-r859: MLFlow improper input validation

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run due to unfiltered input.

GHSA-cwgg-w6mp-w9hg: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

GHSA-2r57-2mrh-ggjv: ydata cross-site scripting

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.

GHSA-cg49-hrj4-3rpr: ydata unsafe deserialization

Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.

GHSA-fpvj-m2h6-6wc5: ydata unsafe deserialization

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded.

GHSA-cv6c-7963-wxcg: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.