
8 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29706

Malicious code in bioql PyPI...

CVSS 9.3, AI score 6.3, EPSS 0.00072
Exploits: 1, References: 4

RedhatCVE
added 2025/09/19 10:25 a.m., 3 views

CVE-2025-10155

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

CVSS 9.3, AI score 6.8, EPSS 0.00072
Exploits: 1, References: 1

Github Security Blog
added 2025/09/17 12:30 p.m., 6 views

Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references. Original Description: An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and includin...

CVSS 9.3, AI score 6.9, EPSS 0.00072
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2025/09/17 9:38 a.m., 7 views

CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

CVSS 9.3, EPSS 0.00072
Exploits: 1, References: 2

CNNVD
added 2025/09/17 12:0 a.m., 2 views

picklescan input validation error vulnerability

picklescan is a security scanning program by the individual developer Matthieu Maitre. An input validation error vulnerability exists in picklescan version 0.0.30 and earlier, which stems from improper input validation in the scanning logic and could allow a remote attacker to bypass security...

CVSS 9.3, AI score 6.7, EPSS 0.00072
Exploits: 1, References: 2

OSV
added 2025/09/10 7:51 p.m., 2 views

GHSA-JGW4-CR84-MQXG Picklescan Bypass is Possible via File Extension Mismatch

Summary: Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...

CVSS 9.3, AI score 7.4, EPSS 0.00072
Exploits: 1, References: 6

Github Security Blog
added 2025/09/10 7:51 p.m., 9 views

Picklescan Bypass is Possible via File Extension Mismatch

Summary: Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...

CVSS 9.3, AI score 7.4, EPSS 0.00072
Exploits: 1, References: 6, Affected Software: 1

Positive Technologies
added 2025/06/29 12:0 a.m., 2 views

PT-2025-38137

Name of the Vulnerable Software and Affected Versions: mmaitre314 picklescan versions up to and including 0.0.30. Description: An Improper Input Validation vulnerability exists in the scanning logic of picklescan. This flaw allows a remote attacker to bypass pickle files security checks by supplying...

CVSS 9.3, AI score 6.6, EPSS 0.00072
Exploits: 1, References: 20