75 Total advisories
75 Vulnerabilities
0 Malware
Vulnerabilities
CRITICAL 9.8
CVE-2025-1716
CVE-2025-1716
HIGH 7.5
CVE-2025-10156
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
HIGH 8.3
CVE-2025-10157
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
HIGH 7.8
CVE-2025-10155
Picklescan Bypass is Possible via File Extension Mismatch
HIGH 7.8
CVE-2025-10157
CVE-2025-10157
CRITICAL 9.8
CVE-2025-10156
CVE-2025-10156
HIGH 7.8
CVE-2025-10155
CVE-2025-10155
CRITICAL 10.0
GHSA-vvpj-8cmc-gx39
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
CRITICAL 9.8
GHSA-g38g-8gr9-h9xp
PickleScan has multiple stdlib modules with direct RCE not in blocklist
CRITICAL 9.8
GHSA-7wx9-6375-f5wh
PickleScan's profile.run blocklist mismatch allows exec() bypass
UNKNOWN
GHSA-97f8-7cmv-76j2
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
UNKNOWN
CVE-2025-46417
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
UNKNOWN
GHSA-m7j5-r2p5-c39r
picklescan vulnerable to arbitrary file create using logging.FileHandler
UNKNOWN
GHSA-9m3x-qqw2-h32h
picklescan missing detection by simple obfuscation of a `builtins.eval` call
UNKNOWN
GHSA-9726-w42j-3qjr
picklescan has Arbitrary file read using `io.FileIO`
UNKNOWN
GHSA-955r-x9j8-7rhh
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller
UNKNOWN
GHSA-46h3-79wf-xr6c
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter
UNKNOWN
GHSA-rrxm-2pvv-m66x
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
UNKNOWN
GHSA-6556-fwc2-fg2p
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
UNKNOWN
GHSA-cffc-mxrf-mhh4
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
UNKNOWN
GHSA-x843-g5mx-g377
Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller
UNKNOWN
GHSA-3329-ghmp-jmv5
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
UNKNOWN
GHSA-m273-6v24-x4m4
Picklescan vulnerable to Arbitrary File Writing
UNKNOWN
GHSA-4675-36f9-wf6r
Picklescan does not block ctypes
HIGH 8.8
GHSA-hgrh-qx5j-jfwx
Picklescan Bypasses Unsafe Globals Check using pty.spawn
UNKNOWN
GHSA-vqmv-47xg-9wpr
Picklescan missing detection when calling pty.spawn
UNKNOWN
GHSA-84r2-jw7c-4r5q
Picklescan has Incomplete List of Disallowed Inputs
UNKNOWN
GHSA-r8g5-cgf2-4m4m
Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
UNKNOWN
GHSA-j424-mc44-f4hj
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
UNKNOWN
GHSA-4vr7-g93g-cf6m
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
UNKNOWN
GHSA-hf6h-9wq7-hmjg
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
UNKNOWN
GHSA-q77w-mwjj-7mqx
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
UNKNOWN
GHSA-9w88-8rmg-7g2p
Picklescan is missing detection when calling built-in python cProfile.runctx
UNKNOWN
GHSA-49gj-c84q-6qm9
Picklescan is missing detection when calling built-in python cProfile.run
UNKNOWN
GHSA-fqq6-7vqf-w3fg
Picklescan is missing detection when calling built-in python doctest.debug_script
UNKNOWN
GHSA-4whj-rm5r-c2v8
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
UNKNOWN
GHSA-m869-42cg-3xwr
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
UNKNOWN
GHSA-3gf5-cxq9-w223
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
UNKNOWN
GHSA-p9w7-82w4-7q8m
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
UNKNOWN
GHSA-xp4f-hrf8-rxw7
Picklescan is missing detection when calling built-in python ensurepip._run_pip
UNKNOWN
GHSA-j343-8v2j-ff7w
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
UNKNOWN
GHSA-9xph-j2h6-g47v
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
UNKNOWN
GHSA-7cq8-mj8x-j263
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
UNKNOWN
GHSA-cj3c-v495-4xqh
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
UNKNOWN
GHSA-8r4j-24qv-fmq9
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
UNKNOWN
GHSA-6w4w-5w54-rjvr
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
UNKNOWN
GHSA-f54q-57x4-jg88
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
UNKNOWN
GHSA-6vqj-c2q5-j97w
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
UNKNOWN
GHSA-g344-hcph-8vgg
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
UNKNOWN
GHSA-5qwp-399c-mjwf
Picklescan has a missing detection when calling built-in python trace.Trace.run
UNKNOWN
GHSA-x696-vm39-cp64
Picklescan has a missing detection when calling built-in python profile.Profile.run
UNKNOWN
GHSA-3vg9-h568-4w9m
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
UNKNOWN
GHSA-4r9r-ch6f-vxmx
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
UNKNOWN
GHSA-vr7h-p6mm-wpmh
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
UNKNOWN
GHSA-h3qp-7fh3-f8h4
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
UNKNOWN
GHSA-vv6j-3g6g-2pvj
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
UNKNOWN
GHSA-f4x7-rfwp-v3xw
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
UNKNOWN
GHSA-86cj-95qr-2p4f
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
UNKNOWN
GHSA-f745-w6jp-hpxx
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
UNKNOWN
GHSA-9gvj-pp9x-gcfr
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
UNKNOWN
GHSA-4p4h-9gvq-7xfg
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
UNKNOWN
CVE-2025-46417
CVE-2025-46417
UNKNOWN
CVE-2025-1716
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
MEDIUM 6.5
CVE-2025-1944
Zip Exploit Crashes Picklescan But Not PyTorch
UNKNOWN
CVE-2025-1945
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
MEDIUM 6.5
CVE-2025-1944
CVE-2025-1944
UNKNOWN
CVE-2025-1716
CVE-2025-1716
UNKNOWN
CVE-2025-1716
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
CRITICAL 9.8
CVE-2025-1945
CVE-2025-1945
UNKNOWN
GHSA-v7x6-rv5q-mhwc
Picklescan missing detection when calling built-in python library function timeit.timeit()
UNKNOWN
GHSA-fj43-3qmq-673f
Picklescan failed to detect to some unsafe global function in Numpy library
UNKNOWN
GHSA-w6mr-mj53-x258
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch
UNKNOWN
GHSA-2fh4-gpch-vqv4
Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
UNKNOWN
GHSA-hw34-rqc5-h2gm
Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
UNKNOWN
GHSA-vr75-hjh9-7fr6
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Ready to move
Start Securing
Free, no credit card | First findings in minutes