CVE-2025-1944
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
EUVD-2020-0205
Malware in sbrugna...
EUVD-2024-1218
Malicious code in bioql PyPI...
CVE-2025-0313
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
PT-2025-12118 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: Ollama versions =0.3.14 Description: A malicious user can create a customized gguf model file that can be uploaded to the public Ollama server, causing it to crash and leading to a Denial of Service (DoS) attack. The root cause of the issue is ...
CVE-2025-1945
The CVE-2025-1945 issue affects PickleScan before 0.0.23, which fails to detect malicious pickle payloads embedded inside PyTorch model archives when specific ZIP header flag bits are modified. By flipping ZIP flag bits (e.g., 0x1, 0x20, 0x40) in the archive, an attacker can place a malicious pic...
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine...