Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to executing remote pickle files using profile.Profile.run, which allows an attacker to run arbitrary code on the system...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to using the cProfile.run function to execute a remote pickle file, which allows an attacker to execute arbitrary code on the affected system...

Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7qq-56ww-84cr. This link is maintained to preserve external references. Original Description A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a...

PYSEC-2025-153

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan version 0.0.30 and earlier, which stems from an insufficient module name check that could lead to bypassing insecure global checks and executing malicious code...

Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead o...

Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem

Summary Using idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.debugobj.ObjectTreeItem.SetText function in...

Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Summary Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.runctx function in reduce method Then when the victim after...

GHSA-VV6J-3G6G-2PVJ Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

Summary Using torch.utils.configmodule.loadconfig function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.configmodule.loadconfig function in reduce...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using the torch.dynamo.guards.GuardBuilder.get function. An attacker can execute arbitrary code by crafting a...

GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

GHSA-4R9R-CH6F-VXMX Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...

PT-2025-38137

Name of the Vulnerable Software and Affected Versions mmaitre314 picklescan versions up to and including 0.0.30 Description An Improper Input Validation vulnerability exists in the scanning logic of picklescan. This flaw allows a remote attacker to bypass pickle files security checks by supplying...

Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references. Original Description The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can...

GHSA-4P4H-9GVQ-7XFG Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references. Original Description The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can...

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...