Browse all 4 CVE security advisories affecting skops-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Skops-dev is a software development tool focused on streamlining code deployment and management processes. Historically, vulnerabilities associated with this project have commonly included remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and insecure default configurations. The project has demonstrated inconsistent security practices, with four CVEs recorded to date, primarily related to authentication bypass and privilege escalation issues. While no major public security incidents have been documented, the recurring nature of these vulnerabilities suggests ongoing challenges in secure coding practices and configuration management.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54886 | skops: Card.get_model does not block arbitrary code execution — skops, CWE-502 | 8.4 | High | 2025-08-08 |
| CVE-2025-54413 | skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time — skops, CWE-351 | 9.8 | - | 2025-07-26 |
| CVE-2025-54412 | skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution — skops, CWE-351 | 8.8 | - | 2025-07-26 |
| CVE-2024-37065 | Skops security vulnerability — Skops, CWE-502 | 7.8 | High | 2024-06-04 |

This page lists every published CVE security advisory associated with skops-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.