joblib v1.4.2 exists to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().