HIGH PyPI
GHSA-3329-ghmp-jmv5 Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
Modified: 12/29/2025
package
PyPI / picklescan
pkg:pypi/picklescan
MEDIUM PyPI
GHSA-3gf5-cxq9-w223 Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
Modified: 8/26/2025
MEDIUM PyPI
GHSA-3vg9-h568-4w9m Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
Modified: 8/26/2025
CRITICAL 9.8 PyPI
GHSA-4675-36f9-wf6r · CVE-2025-71323 Picklescan does not block ctypes
Modified: 6/18/2026
HIGH PyPI
GHSA-46h3-79wf-xr6c Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter
Modified: 12/30/2025
MEDIUM PyPI
GHSA-49gj-c84q-6qm9 Picklescan is missing detection when calling built-in python cProfile.run
Modified: 8/26/2025
MEDIUM PyPI
GHSA-4r9r-ch6f-vxmx Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
Modified: 8/22/2025
MEDIUM PyPI
GHSA-4whj-rm5r-c2v8 Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
Modified: 8/26/2025
MEDIUM PyPI
GHSA-5qwp-399c-mjwf Picklescan has a missing detection when calling built-in python trace.Trace.run
Modified: 8/26/2025
MEDIUM PyPI
GHSA-6556-fwc2-fg2p Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Modified: 12/30/2025
MEDIUM PyPI
GHSA-655q-fx9r-782v · CVE-2025-1716, CVE-2025-1889 Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Modified: 4/9/2025
MEDIUM PyPI
GHSA-6vqj-c2q5-j97w Picklescan has a missing detection when calling built-in python profile.Profile.runctx
Modified: 8/26/2025
MEDIUM PyPI
GHSA-6w4w-5w54-rjvr Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
Modified: 8/26/2025
MEDIUM PyPI
GHSA-769v-p64c-89pr · CVE-2025-1716, CVE-2025-1889 PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
Modified: 4/9/2025
MEDIUM PyPI
GHSA-7cq8-mj8x-j263 Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
Modified: 8/26/2025
MEDIUM 6.5 PyPI
GHSA-7q5r-7gvp-wc82 · CVE-2025-1944, PYSEC-2025-20 Zip Exploit Crashes Picklescan But Not PyTorch
Modified: 4/9/2025
CRITICAL 9.8 PyPI
GHSA-7wx9-6375-f5wh · CVE-2026-53873 PickleScan's profile.run blocklist mismatch allows exec() bypass
Modified: 6/18/2026
HIGH PyPI
GHSA-84r2-jw7c-4r5q · CVE-2025-71320 Picklescan has Incomplete List of Disallowed Inputs
Modified: 6/18/2026
MEDIUM PyPI
GHSA-86cj-95qr-2p4f Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
Modified: 8/22/2025
MEDIUM PyPI
GHSA-8r4j-24qv-fmq9 Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
Modified: 8/26/2025
HIGH PyPI
GHSA-93mv-x874-956g · CVE-2025-46417, PYSEC-2025-34 Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
Modified: 2/4/2026
HIGH PyPI
GHSA-955r-x9j8-7rhh Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller
Modified: 12/30/2025
HIGH 7.5 PyPI
GHSA-9726-w42j-3qjr · CVE-2026-53872 picklescan has Arbitrary file read using `io.FileIO`
Modified: 6/18/2026
HIGH PyPI
GHSA-97f8-7cmv-76j2 · CVE-2026-53875 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
Modified: 6/18/2026
HIGH PyPI
GHSA-9gvj-pp9x-gcfr · CVE-2025-71325 Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
Modified: 6/18/2026
HIGH PyPI
GHSA-9m3x-qqw2-h32h · CVE-2026-53874 picklescan missing detection by simple obfuscation of a `builtins.eval` call
Modified: 6/18/2026
MEDIUM PyPI
GHSA-9w88-8rmg-7g2p Picklescan is missing detection when calling built-in python cProfile.runctx
Modified: 8/26/2025
MEDIUM PyPI
GHSA-9xph-j2h6-g47v Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
Modified: 8/26/2025
MEDIUM PyPI
GHSA-cffc-mxrf-mhh4 Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Modified: 12/29/2025
MEDIUM PyPI
GHSA-cj3c-v495-4xqh Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
Modified: 8/26/2025
MEDIUM PyPI
GHSA-f4x7-rfwp-v3xw Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
Modified: 8/22/2025
MEDIUM PyPI
GHSA-f54q-57x4-jg88 Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
Modified: 8/26/2025
MEDIUM PyPI
GHSA-f745-w6jp-hpxx Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
Modified: 8/22/2025
HIGH 8.3 PyPI
GHSA-f7qq-56ww-84cr · CVE-2025-10157, PYSEC-2025-153 Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Modified: 6/6/2026
MEDIUM PyPI
GHSA-fj43-3qmq-673f Picklescan failed to detect to some unsafe global function in Numpy library
Modified: 4/7/2025
MEDIUM PyPI
GHSA-fqq6-7vqf-w3fg Picklescan is missing detection when calling built-in python doctest.debug_script
Modified: 8/26/2025
MEDIUM PyPI
GHSA-g344-hcph-8vgg Picklescan has a missing detection when calling built-in python trace.Trace.runctx
Modified: 8/26/2025
CRITICAL 9.8 PyPI
GHSA-g38g-8gr9-h9xp PickleScan has multiple stdlib modules with direct RCE not in blocklist
Modified: 3/4/2026
MEDIUM PyPI
GHSA-h3qp-7fh3-f8h4 Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
Modified: 8/22/2025
HIGH 8.8 PyPI
GHSA-hgrh-qx5j-jfwx · CVE-2025-71322 Picklescan Bypasses Unsafe Globals Check using pty.spawn
Modified: 6/18/2026
MEDIUM PyPI
GHSA-j343-8v2j-ff7w Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
Modified: 8/26/2025
HIGH 7.8 PyPI
GHSA-jgw4-cr84-mqxg · CVE-2025-10155, PYSEC-2025-151 Picklescan Bypass is Possible via File Extension Mismatch
Modified: 6/6/2026
HIGH PyPI
GHSA-m273-6v24-x4m4 · CVE-2025-71321 Picklescan vulnerable to Arbitrary File Writing
Modified: 6/18/2026
MEDIUM PyPI
GHSA-m7j5-r2p5-c39r picklescan vulnerable to arbitrary file create using logging.FileHandler
Modified: 2/3/2026
MEDIUM PyPI
GHSA-m869-42cg-3xwr Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
Modified: 8/26/2025
HIGH 7.5 PyPI
GHSA-mjqp-26hc-grxg · CVE-2025-10156, PYSEC-2025-152 Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Modified: 6/6/2026
MEDIUM PyPI
GHSA-p9w7-82w4-7q8m Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
Modified: 8/26/2025
MEDIUM PyPI
GHSA-q77w-mwjj-7mqx Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
Modified: 8/26/2025
HIGH PyPI
GHSA-r8g5-cgf2-4m4m Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
Modified: 12/29/2025
HIGH PyPI
GHSA-rrxm-2pvv-m66x Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
Modified: 12/30/2025
MEDIUM PyPI
GHSA-v7x6-rv5q-mhwc Picklescan missing detection when calling built-in python library function timeit.timeit()
Modified: 4/7/2025
HIGH PyPI
GHSA-vqmv-47xg-9wpr Picklescan missing detection when calling pty.spawn
Modified: 12/29/2025
MEDIUM PyPI
GHSA-vr7h-p6mm-wpmh Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
Modified: 8/22/2025
MEDIUM PyPI
GHSA-vv6j-3g6g-2pvj Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
Modified: 8/22/2025
CRITICAL 10.0 PyPI
GHSA-vvpj-8cmc-gx39 · CVE-2026-3490 PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Modified: 6/18/2026
MEDIUM PyPI
GHSA-w8jq-xcqf-f792 · CVE-2025-1945, PYSEC-2025-21 Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
Modified: 4/9/2025
MEDIUM PyPI
GHSA-x696-vm39-cp64 Picklescan has a missing detection when calling built-in python profile.Profile.run
Modified: 8/26/2025
HIGH PyPI
GHSA-x843-g5mx-g377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller
Modified: 12/29/2025
MEDIUM PyPI
GHSA-xp4f-hrf8-rxw7 Picklescan is missing detection when calling built-in python ensurepip._run_pip
Modified: 8/26/2025
HIGH 7.8 PyPI
PYSEC-2025-151 · CVE-2025-10155, GHSA-jgw4-cr84-mqxg Modified: 5/20/2026
CRITICAL 9.8 PyPI
PYSEC-2025-152 · CVE-2025-10156, GHSA-mjqp-26hc-grxg Modified: 5/20/2026
HIGH 7.8 PyPI
PYSEC-2025-153 · CVE-2025-10157, GHSA-f7qq-56ww-84cr Modified: 5/20/2026
— PyPI
PYSEC-2025-18 · CVE-2025-1716, CVE-2025-1889 Modified: 4/9/2025
CRITICAL 9.8 PyPI
PYSEC-2025-19 · CVE-2025-1716, CVE-2025-1889 Modified: 6/10/2026
MEDIUM 6.5 PyPI
PYSEC-2025-20 · CVE-2025-1944, GHSA-7q5r-7gvp-wc82 Modified: 4/9/2025
CRITICAL 9.8 PyPI
PYSEC-2025-21 · CVE-2025-1945, GHSA-w8jq-xcqf-f792 Modified: 4/9/2025
— PyPI
PYSEC-2025-34 · CVE-2025-46417, GHSA-93mv-x874-956g Modified: 4/24/2025