CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

CVE-2025-71340

CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via reduce , allowing code execution when loaded with pickle.load(). This enables supply‑chain attacks on PyTorch models and saved Python objects. T...

PT-2026-52617

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...

CVE-2025-71354

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

CVE-2025-71361

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetchtip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

CVE-2025-71361 picklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tip

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetchtip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

CVE-2025-71361

CVE-2025-71361 affects the Python package picklescan, specifically versions prior to 0.0.29. The issue is that picklescan fails to detect malicious calls to idlelib.calltip.Calltip.fetch_tip embedded in pickle files, enabling remote code execution when a pickle is loaded (pickle.load()). The CVSS...

EUVD-2025-210328

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetchtip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

CVE-2025-71354

Summary: CVE-2025-71354 affects the Python package picklescan (prior to 0.0.29) via the idlelib.debugobj.ObjectTreeItem.SetText reduce path, allowing crafted pickle payloads to bypass detection and cause arbitrary code execution when pickle.load() is used. Affected software: picklescan (versions ...

EUVD-2025-210327

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVE-2025-71376 picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVE-2025-71376

CVE-2025-71376 affects the Python package picklescan prior to 0.0.29. The vulnerability arises because idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods is not detected, allowing attackers to embed code in pickle files that executes arbitrary commands when loaded by victims. T...

EUVD-2025-210308

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

CVE-2025-71358

CVE-2025-71358 concerns the Python tool picklescan (pre-0.0.29) failing to detect malicious pickle payloads that exploit the function idlelib.autocomplete.AutoComplete.get_entity in reduce methods. When a crafted pickle is loaded with pickle.load(), arbitrary commands can execute, enabling remote...

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the runcommand function of idlelib.pyshell.ModifiedInterpreter when handling pickle files in reduce method...