Joblib Project

joblib_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Joblib

joblib

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-34997 1Joblib Project 1Joblib Sep 29, 2025 May 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only us...Show more joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.Show less
CVE-2022-21797 3Debian FedoraprojectJoblib Project 3Debian Linux FedoraJoblib Nov 21, 2024 Sep 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-34997

1Joblib Project

1Joblib

Sep 29, 2025

May 17, 2024

N/A· v4

7.5 HIGH· v3

N/A· v2

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only us...Show more

CVE-2022-21797

3Debian

FedoraprojectJoblib Project

3Debian Linux

FedoraJoblib

Nov 21, 2024

Sep 26, 2022

N/A· v4

9.8 CRITICAL· v3

N/A· v2

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.