Product Research Enterprise Plans Docs

PyPi: Deepchecks

CVE-2023-4863

Transitive

Safety vulnerability ID: 64766

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 12, 2023 Updated at Mar 13, 2025

Scan your Python projects for vulnerabilities →

Advisory

Deepchecks version 0.18.0 updates its dependency on pillow to version 10.0.1 from 9.5.0 addressing security vulnerability CVE-2023-39968.
https://github.com/deepchecks/deepchecks/pull/2683

Affected package

deepchecks

Latest version: 0.19.1

Package for validating your machine learning model and data

Affected versions

Fixed versions

Vulnerability changelog

Documentation
- fix typos in README.md [skip ci] (2699) [2699](https://github.com/deepchecks/deepchecks/pull/2699) ([Eyal C](https://github.com/deepchecks/deepchecks/commit/1ffb9086df980a6209ba04577787b17001c90380))
- add RayanAAY-ops as a contributor for code, and ideas (2733) [2733](https://github.com/deepchecks/deepchecks/pull/2733) ([allcontributors[bot]](https://github.com/deepchecks/deepchecks/commit/5648b617b9acfa4907e41a5807ac50317eb58a91))

Commits
- d1c07ab: Change nlp model properties to use onnx optimized models (Nadav Barak) [2681](https://github.com/deepchecks/deepchecks/pull/2681)
- 3eaca24: Remove empty_gpu for cached models (Nadav Barak) [2682](https://github.com/deepchecks/deepchecks/pull/2682)
- 9890fd5: Part of the vulnerability fixes required by Snyk (2683) (Noam Bressler) [2683](https://github.com/deepchecks/deepchecks/pull/2683)
- 3f148f1: Fix CI/CD (2685) (Harsh Jain) [2685](https://github.com/deepchecks/deepchecks/pull/2685)
- c2bbd59: Bump dev version (2686) (Noam Bressler) [2686](https://github.com/deepchecks/deepchecks/pull/2686)
- cf4a7ea: Added support for filterting check results by name (2695) (Harsh Jain) [2695](https://github.com/deepchecks/deepchecks/pull/2695)
- a40e8c3: modification of language property text (2704) (Nadav Barak) [2704](https://github.com/deepchecks/deepchecks/pull/2704)
- 9806488: Change lexical density to a 0-1 float (2708) (Noam Bressler) [2708](https://github.com/deepchecks/deepchecks/pull/2708)
- f8eaa0c: Vulnerability issues fix by Synk (2703) (Harsh Jain) [2703](https://github.com/deepchecks/deepchecks/pull/2703)
- 6ff7d2a: Code optimization for cleaning special chars from string (2698) (Manish Kumar) [2698](https://github.com/deepchecks/deepchecks/pull/2698)
- 76b92c8: change_weak_segments_na_logic (2709) (JKL98ISR) [2709](https://github.com/deepchecks/deepchecks/pull/2709)
- c4af7dd: segments bug fix with na (2712) (Nadav Barak) [2712](https://github.com/deepchecks/deepchecks/pull/2712)
- 708bac7: weak segment should have maximum of 1 category (2705) (Nadav Barak) [2705](https://github.com/deepchecks/deepchecks/pull/2705)
- 7bb31d1: remove ipython req (2716) (Noam Bressler) [2716](https://github.com/deepchecks/deepchecks/pull/2716)
- 42cf4b3: improved documentation (2717) (Nadav Barak) [2717](https://github.com/deepchecks/deepchecks/pull/2717)
- 7639a35: Limit a newer sklearn version that breaks _ProbaScorer (2723) (Noam Bressler) [2723](https://github.com/deepchecks/deepchecks/pull/2723)
- 2ef42a0: Fix build (2731) (Noam Bressler) [2731](https://github.com/deepchecks/deepchecks/pull/2731)
- 5db924d: Remove benchmark history check (2732) (Noam Bressler) [2732](https://github.com/deepchecks/deepchecks/pull/2732)
- 32cb218: update ver and docs (Noam Bressler)

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH