CVE-2026-10042

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/methodname and /simpleexecute/methodname endpoints deserialize attacker-controlled HTTP request...

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

EUVD-2026-25292

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achie...

Incomplete List of Disallowed Inputs

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the islikelysafe, checksafety, --check-safety, alwayschecksafety and checksafety interfaces. An attacker can execute arbitra...

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the analysis of pickle files, where import nodes for certain modules such as builtins are not emitted in the abstract syntax...

Server-side Request Forgery (SSRF)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the io.FileIO and urllib.request.urlopen functions chaining. An attacker can access arbitrary files on the...

Deserialization of Untrusted Data

Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing of pickle data. An attacker can execute arbitrary code b...

CVE-2025-14931

Affected software: Hugging Face smolagents. Vulnerability: Deserialization of untrusted data via parsing of pickle data, enabling Remote Code Execution. Root cause: improper validation of user-supplied data during pickle deserialization. Impact: attacker can execute code in the service account co...

Hugging Face smolagents 代码问题漏洞

Hugging Face smolagents is a Python library for rapid construction of intelligences open-sourced by Hugging Face. A code issue vulnerability exists in Hugging Face smolagents that stems from a lack of validation of user-supplied data when parsing pickle data, which could lead to deserialization o...

(0Day) Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of pickle data. The issue results from the lack of proper validation...

EUVD-2025-6874

Malicious code in bioql PyPI...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe execution/deserialization because idlelib.pyshell.ModifiedInterpreter.runcode can execute untrusted code e.g., from malicious pickle data in the interpreter context...

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the loads function to execute remote pickle files, which allows an attacker to execute arbitrary code...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of untrusted pickle data in the function’s reduce flow, which allows an attacker to craft a malicious pickle that bypasses the victim’s Picklescan check and achieve arbitrary code execution when t...

PYSEC-2025-222

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...

CVE-2025-24357

vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...

PYSEC-2025-58

vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in versions of vLLM prior to v0.7.0 that stems from arbitrary code execution during unpickling when torch.load loads malicious pickle data...

Deserialization Of Untrusted Data

MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the finetune method within byomhandler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...

PYSEC-2024-23

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...