VulnerableCode Package Details - pkg:pypi/scikit-learn@0.23.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-eugr-crnj-77dc Aliases: CVE-2024-5206 GHSA-jw8x-6495-233v PYSEC-2024-110		1.5.0 Affected by 0 other vulnerabilities.
VCID-fd91-hz39-73fy Aliases: CVE-2020-28975 GHSA-jxfp-4rvq-9h9m PYSEC-2020-108	svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.	0.24.dev0 Affected by 0 other vulnerabilities. 1.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-eugr-crnj-77dc
Aliases:
CVE-2024-5206
GHSA-jw8x-6495-233v
PYSEC-2024-110

1.5.0
Affected by 0 other vulnerabilities.

VCID-fd91-hz39-73fy
Aliases:
CVE-2020-28975
GHSA-jxfp-4rvq-9h9m
PYSEC-2020-108

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

0.24.dev0
Affected by 0 other vulnerabilities.

1.0.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-fcrh-qvee-ryhf	scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner	CVE-2020-13092 GHSA-jjw5-xxj6-pcv5 PYSEC-2020-107

Vulnerability

Summary

Aliases

VCID-fcrh-qvee-ryhf

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner

CVE-2020-13092
GHSA-jjw5-xxj6-pcv5
PYSEC-2020-107

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T09:01:21.931746+00:00	GHSA Importer	Fixing	VCID-fcrh-qvee-ryhf	https://github.com/advisories/GHSA-jjw5-xxj6-pcv5	38.6.0
2026-06-12T19:31:42.145706+00:00	GitLab Importer	Affected by	VCID-eugr-crnj-77dc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/scikit-learn/CVE-2024-5206.yml	38.6.0
2026-06-12T18:18:38.540493+00:00	GitLab Importer	Fixing	VCID-fcrh-qvee-ryhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/scikit-learn/CVE-2020-13092.yml	38.6.0
2026-06-12T04:18:42.327555+00:00	Pypa Importer	Affected by	VCID-eugr-crnj-77dc	https://github.com/pypa/advisory-database/blob/main/vulns/scikit-learn/PYSEC-2024-110.yaml	38.6.0
2026-06-12T04:04:53.494913+00:00	Pypa Importer	Affected by	VCID-fd91-hz39-73fy	https://github.com/pypa/advisory-database/blob/main/vulns/scikit-learn/PYSEC-2020-108.yaml	38.6.0
2026-06-12T04:03:36.506383+00:00	Pypa Importer	Fixing	VCID-fcrh-qvee-ryhf	https://github.com/pypa/advisory-database/blob/main/vulns/scikit-learn/PYSEC-2020-107.yaml	38.6.0
2026-06-11T20:46:51.020953+00:00	PyPI Importer	Affected by	VCID-fd91-hz39-73fy	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:45:32.446621+00:00	PyPI Importer	Fixing	VCID-fcrh-qvee-ryhf	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0