scikit-optimize / scikit-optimize
Project repository
Sequential model-based optimization with a `scipy.optimize` interface
FIRST INTERACTION WITHIN N/A DAYS
REVIEW WITHIN 22 DAYS
FIX WITHIN N/A DAYS
Unsafe joblib.load() in skopt.load() Enables RCE via Malicious Optimization Resu...
Mar 18th 2026 • odysseypro25-project • self closed
Arbitrary Code Execution via Unsafe Deserialization in skopt.load() wrapping job...
Mar 16th 2026 • elucidator-hky • self closed
Unsafe deserialization in `skopt.utils.load` enables arbitrary code execution
Apr 11th 2026 • f00dat • pending
Insecure Deserialization via pickle.load() leads to Remote Code Execution (RCE)...
Jan 1st 2026 • evertrustai • duplicate
High
Scikit-Optimize Compatibility Issues Report
Feb 14th 2026 • 7908837174 • pending
Scikit-Optimize Broken with Scikit-Learn 1.7+: Critical Parameter Deprecation I...
Feb 10th 2026 • 7908837174 • pending
RCE via Pickle Deserialization in Optimizer State Loading
Jan 1st 2026 • lau90eth • duplicate
Critical
Critical Insecure Deserialization in Scikit-optimize Enables Remote Code Executi...
Jun 14th 2025 • jplopezy • self closed
RCE via Callable Injection in BayesSearchCV Search Space
Aug 11th 2025 • mnqazi • pending
Arbitrary Code Execution (RCE) via Function Injection
Aug 11th 2025 • mnqazi • pending
CRITICAL $900
HIGH $450
MEDIUM $75
LOW $12