6 matches found
Permissive List of Allowed Inputs
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the unsafeglobals function that does not block pkgutil.resolve_name Python stdlib function. An attacker can...
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Summary: pkgutil.resolve_name is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolve_name as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function, e.g., os.system,...
EUVD-2025-32168
Malicious code in bioql PyPI...
Malicious Package
Overview: pkgutil-resolve-name is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47891 Malicious code in pkgutil-resolve-name (npm)
Source: ghsa-malware 355bf6f2e2ca64d826a7a85321bd48180e7683107611ff321101c5baf3b26e0a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pkgutil-resolve-name (npm)
Source: ghsa-malware 355bf6f2e2ca64d826a7a85321bd48180e7683107611ff321101c5baf3b26e0a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...