Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ModelScope — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting ModelScope. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Modelscope is an AI platform providing model development and deployment services with 15 recorded CVEs. Its core use case involves creating and sharing machine learning models across various domains. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure API endpoints. The platform has faced security incidents related to unauthorized access and data exposure, highlighting risks in its model sharing infrastructure. While offering extensive AI capabilities, its security track record indicates persistent challenges in securing user-generated content and access controls, requiring ongoing attention to mitigate potential exploitation risks.

Top products by ModelScope: modelscope/agentscope agentscope ms-agent
CVE IDTitleCVSSSeverityPublished
CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery — agentscopeCWE-918 7.3 High2026-04-20
CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery — agentscopeCWE-918 7.3 High2026-04-20
CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery — agentscopeCWE-918 7.3 High2026-04-20
CVE-2026-6603 modelscope agentscope _python.py execute_shell_command code injection — agentscopeCWE-94 7.3 High2026-04-20
CVE-2026-2256 Command injection vulnerability in ModelScope's ms-agent — ms-agent 9.8AICriticalAI2026-03-02
CVE-2024-8487 CORS Vulnerability in modelscope/agentscope — modelscope/agentscopeCWE-346 9.1 -2025-03-20
CVE-2024-8556 Stored XSS in modelscope/agentscope — modelscope/agentscopeCWE-79 5.4 -2025-03-20
CVE-2024-8524 Directory Traversal in modelscope/agentscope — modelscope/agentscopeCWE-22 7.5 -2025-03-20
CVE-2024-8537 Path Traversal in modelscope/agentscope — modelscope/agentscopeCWE-29 9.1 -2025-03-20
CVE-2024-8551 Path Traversal in modelscope/agentscope — modelscope/agentscopeCWE-23 9.8 -2025-03-20
CVE-2024-8438 Path Traversal in modelscope/agentscope — modelscope/agentscopeCWE-22 7.5 -2025-03-20
CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope — modelscope/agentscopeCWE-502 9.8 -2025-03-20
CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope — modelscope/agentscopeCWE-352 6.5 -2025-03-20
CVE-2024-8501 Arbitrary File Download in modelscope/agentscope — modelscope/agentscopeCWE-36 8.8 -2025-03-20
CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope — modelscope/agentscopeCWE-497 7.5 -2025-02-10

This page lists every published CVE security advisory associated with ModelScope. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.