
NVD
added 2026/01/10 2:15 a.m.

CVE-2026-22606

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path or runpy.run_module is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user...

CVSS 9.3, EPSS 0.00101
Exploits: 1, References: 3
EUVD
added 2026/01/10 1:35 a.m.

EUVD-2026-1688

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path or runpy.run_module is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user...

CVSS 9.3, AI score 6.7, EPSS 0.00101
Exploits: 1, References: 10
CVE
added 2026/01/10 1:35 a.m.

CVE-2026-22606

CVE-2026-22606 affects Fickling (Python pickling decompiler/static analyzer) up to version 0.1.6. The root cause is that the runpy module (including run_path and run_module) was not treated as unsafe, causing some malicious pickles to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. Thi...

CVSS 9.3, AI score 6.8, EPSS 0.00101
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/01/10 12:00 a.m.

Fickling code issue vulnerability

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the runpy module as unsafe, which could lead to the execution of attacker-controlled code...

CVSS 9.3, AI score 6.8, EPSS 0.00101
Exploits: 1, References: 3
OSV
added 2026/01/09 9:12 p.m.

GHSA-Q5QQ-MVFM-J35X Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling's assessment: ctypes, importlib, runpy, code and multiprocessing were added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...

CVSS 9.3, AI score 6.2, EPSS 0.00065
Exploits: 1, References: 11
Github Security Blog
added 2026/01/09 8:52 p.m.

Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling's assessment: runpy was added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66). Original report summary: Fickling versions up to and including 0.1.6 do not treat Python's runpy module as unsafe. Because of this, a malicio...

CVSS 9.3, AI score 8.3, EPSS 0.00101
Exploits: 1, References: 11, Affected Software: 1
Snyk
added 2026/01/09 8:52 p.m.

Deserialization of Untrusted Data

Overview: fickling is a static analyzer and interpreter for Python pickle data. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runpy module. An attacker can execute arbitrary code by supplying a malicious pickle file that uses runpy.run_path or...

CVSS 9.3, AI score 7.8, EPSS 0.00101
Exploits: 1, References: 3