SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models

Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution RCE risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...

PT-2025-38137

Name of the Vulnerable Software and Affected Versions mmaitre314 picklescan versions up to and including 0.0.30 Description An Improper Input Validation vulnerability exists in the scanning logic of picklescan. This flaw allows a remote attacker to bypass pickle files security checks by supplying...