Aggregates CVE and security vulnerability intelligence across all SciPy-related products, including CVSS and EPSS scores, publication dates, and related vulnerability intelligence data.
Common weakness patterns include memory corruption, with potential impacts of memory corruption and application crashes in production workloads.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-29824 | A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. | [email protected] | 9.8 | 1.11% | 2023-07-06 | 2024-11-21 |
| CVE-2023-25399 | A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. | [email protected] | 5.5 | 0.39% | 2023-07-05 | 2024-11-21 |
| CVE-2013-4251 | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | [email protected] | 7.8 | 0.43% | 2019-11-04 | 2024-11-21 |