What is GHSA-84q4-pj7g-82qq?

GHSA-84q4-pj7g-82qq is a security advisory published by GitHub Security Advisories with High severity. An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted...

Which CVE IDs does GHSA-84q4-pj7g-82qq cover?

GHSA-84q4-pj7g-82qq covers the following CVE IDs: CVE-2026-38950. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-84q4-pj7g-82qq?

GHSA-84q4-pj7g-82qq has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-84q4-pj7g-82qqHighCVSS 7.8

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-38950 →

📋 Description

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-38950
https://github.com/esa/AnomalyMatch/pull/9
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
https://imlabs.info/research/security_advisory_esa_anomaly_match_unsafe_deserialization_cve_2026_38950_ivan_markovic_052026.html
https://github.com/advisories/GHSA-84q4-pj7g-82qq