6 matches found
CVE-2025-71357
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
PT-2026-51216
Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 0.0.30. Description: The software fails to detect malicious pickle files that utilize the idlelib.pyshell.ModifiedInterpreter.runcommand function within reduce methods. This allows attackers to embed undetected code ...
EUVD-2025-29433
Malicious code in bioql PyPI...
EUVD-2025-29491
Malicious code in bioql PyPI...
GHSA-3GF5-CXQ9-W223
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
Summary: Using the idlelib.pyshell.ModifiedInterpreter.runcode function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to idlelib.pyshell.ModifiedInterpreter.runcod...
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
Summary: Using the idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...