What is GHSA-fq92-qc8f-482v?

GHSA-fq92-qc8f-482v is a security advisory published by GitHub Security Advisories with High severity. Snorkel BaseLabeler.load uses an unsafe pickle.load

Which CVE IDs does GHSA-fq92-qc8f-482v cover?

GHSA-fq92-qc8f-482v covers the following CVE IDs: CVE-2026-31223. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-fq92-qc8f-482v?

GHSA-fq92-qc8f-482v has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

Which products are affected by GHSA-fq92-qc8f-482v?

GHSA-fq92-qc8f-482v affects 1 product, including: pip/snorkel:\u003c= 0.10.0.

GHSA-fq92-qc8f-482vHighCVSS 8.8

Snorkel BaseLabeler.load uses an unsafe pickle.load

Vendor

GitHub Security Advisories

Published

May 12, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-31223 →

📋 Description

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or security controls. Python's pickle module is inherently dangerous for deserializing untrusted data, as it can execute arbitrary code during the deserialization process. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.

🎯 Affected products1

pip/snorkel:<= 0.10.0

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-31223
https://github.com/snorkel-team/snorkel
https://www.notion.so/CVE-2026-31223-35d1e1393188811ab1d0e4a8a2e67992
https://github.com/advisories/GHSA-fq92-qc8f-482v