45 matches found
EUVD-2026-29560
The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...
Ludwig security vulnerability
Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the predict method, which uses pandas.read_pickle without proper validation when loading pickle files. This coul...
EUVD-2026-11561
SGLang's replay_request_dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...
SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models
Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution (RCE) risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...
Improper Security Checks For Unsafe Imports
Fickling is vulnerable to improper security checks for unsafe imports. The vulnerability is due to incomplete validation in the unsafe_imports method of the static analyzer, which fails to flag certain high-risk Python modules, allowing an attacker to craft malicious pickle files that bypass safet...
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Summary: Picklescan uses numpy.f2py.crackfortran.param_eval, which is a function in numpy to execute remote pickle files. Details: The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.param_eval function via the __reduce__ method....
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.methodcaller function, which is a built-in Python library function used to execute a remote...
Remote Code Execution (RCE)
pdfminer.six is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization in the CMapDB._load_data function, where pickle.loads processes attacker-controlled pickle.gz files referenced by a malicious PDF, allowing arbitrary code execution when the file is...
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Matthieu Maitre...
Improper Input Validation
picklescan is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the scanning logic that fails to properly inspect pickle files with PyTorch-related extensions, which allows an attacker to bypass security checks and execute malicious code when the file i...
EUVD-2025-5524
Malicious code in bioql PyPI...
EUVD-2025-29466
Malicious code in bioql PyPI...
EUVD-2025-5523
Malicious code in bioql PyPI...
EUVD-2025-29708
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the idlelib.run.Executive.runcode function executing arbitrary pickle files, which allows an attacker to run malicious code remotely...
Remote Code Execution (RCE)
cProfile is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization/execution because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...
Deserialization Of Untrusted Data
picklescan is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the function fetching and unpickling remote pickle files without validation, which allows an attacker to supply a crafted pickle that executes arbitrary code when deserialized...
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description: An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314...
CVE-2025-10156
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization because torch.utils._config_module.load_config used in __reduce__ can load malicious pickle files that bypass Picklescan checks and execute arbitrary code during pickle.load...