Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/scikit-learn@0.15.0b2
Type pypi
Namespace
Name scikit-learn
Version 0.15.0b2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.5.0
Latest_non_vulnerable_version 1.5.0
Affected_by_vulnerabilities
0
url VCID-fcrh-qvee-ryhf
vulnerability_id VCID-fcrh-qvee-ryhf
summary scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13092
reference_id
reference_type
scores
0
value 0.00883
scoring_system epss
scoring_elements 0.75831
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13092
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13092
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13092
2
reference_url https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md
3
reference_url https://github.com/advisories/GHSA-jjw5-xxj6-pcv5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-jjw5-xxj6-pcv5
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/scikit-learn/PYSEC-2020-107.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/scikit-learn/PYSEC-2020-107.yaml
5
reference_url https://github.com/scikit-learn/scikit-learn
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/scikit-learn/scikit-learn
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13092
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13092
7
reference_url https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations
fixed_packages
0
url pkg:pypi/scikit-learn@0.23.1
purl pkg:pypi/scikit-learn@0.23.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eugr-crnj-77dc
1
vulnerability VCID-fd91-hz39-73fy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scikit-learn@0.23.1
aliases CVE-2020-13092, GHSA-jjw5-xxj6-pcv5, PYSEC-2020-107
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcrh-qvee-ryhf
1
url VCID-fd91-hz39-73fy
vulnerability_id VCID-fd91-hz39-73fy
summary svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28975
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.4862
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28975
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/scikit-learn/PYSEC-2020-108.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/scikit-learn/PYSEC-2020-108.yaml
2
reference_url https://github.com/scikit-learn/scikit-learn
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scikit-learn/scikit-learn
3
reference_url https://github.com/scikit-learn/scikit-learn/issues/18891
reference_id 18891
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:03:17Z/
url https://github.com/scikit-learn/scikit-learn/issues/18891
4
reference_url https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85
reference_id 1bf13d567d3cd74854aa8343fd25b61dd768bb85
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:03:17Z/
url https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85
5
reference_url https://security.gentoo.org/glsa/202301-03
reference_id 202301-03
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:03:17Z/
url https://security.gentoo.org/glsa/202301-03
6
reference_url http://seclists.org/fulldisclosure/2020/Nov/44
reference_id 44
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:03:17Z/
url http://seclists.org/fulldisclosure/2020/Nov/44
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28975
reference_id CVE-2020-28975
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28975
8
reference_url https://github.com/advisories/GHSA-jxfp-4rvq-9h9m
reference_id GHSA-jxfp-4rvq-9h9m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jxfp-4rvq-9h9m
9
reference_url http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html
reference_id SciKit-Learn-0.23.2-Denial-Of-Service.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:03:17Z/
url http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html
10
reference_url https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501
reference_id svm.cpp#L2501
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:03:17Z/
url https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501
fixed_packages
0
url pkg:pypi/scikit-learn@0.24.dev0
purl pkg:pypi/scikit-learn@0.24.dev0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scikit-learn@0.24.dev0
1
url pkg:pypi/scikit-learn@1.0.1
purl pkg:pypi/scikit-learn@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eugr-crnj-77dc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scikit-learn@1.0.1
aliases CVE-2020-28975, GHSA-jxfp-4rvq-9h9m, PYSEC-2020-108
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fd91-hz39-73fy
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scikit-learn@0.15.0b2