Joblib

joblib

Vendor: Joblib Project • 2 CVEs

CVEs (2)

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-34997

1Joblib Project

1Joblib

Sep 29, 2025

May 17, 2024

N/A· v4

7.5 HIGH· v3

N/A· v2

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only us...Show more

CVE-2022-21797

3Debian

FedoraprojectJoblib Project

3Debian Linux

FedoraJoblib

Nov 21, 2024

Sep 26, 2022

N/A· v4

9.8 CRITICAL· v3

N/A· v2

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.