Tag: #deserialization
4 posts tagged deserialization.
- Vulnerability Disclosure: LangChain Security Vulnerabilities 2026: CVEs, Attack Chains, and What to Patch
  Four verified CVEs in LangChain and LangGraph expose API secrets, filesystem files, and conversation history. CVSS scores, attack paths, and patch
- Vulnerability Tracking: Hugging Face Transformers & Hub: Supply-Chain Risks and Real Advisories
  The Hugging Face ecosystem is the npm of machine learning — and it carries the same supply-chain exposure. A tour of verified Transformers CVEs and what
- Vulnerability Tracking: PyTorch Security: Notable CVEs and How to Harden Your Loading Path
  PyTorch's most consequential CVEs cluster around one thing — loading a model file that runs code. A walk through the verified entries, what each actually
- Vulnerability Tracking: Unsafe Model Deserialization: The Pickle Problem Behind ML CVEs
  Loading a model file can execute arbitrary code. This is the single most repeated vulnerability class in the ML supply chain — the real CVEs, why the