Picklescan does not block ctypes

Summary Picklescan doesnt flag ctypes module as a dangerous module, which is a huge issue. ctypes is basically a foreign function interface library and can be used to Load DLLs Call C functions directly Manipulate memory raw pointers. This can allow attackers to achieve RCE by invoking direct...

GHSA-4VR7-G93G-CF6M Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314...

GHSA-769V-P64C-89PR PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions

CVE-2025-1889 Summary Picklescan fails to detect hidden pickle files embedded in PyTorch model archives due to its reliance on file extensions for detection. This allows an attacker to embed a secondary, malicious pickle file with a non-standard extension inside a model archive, which remains...