Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Picklescan — Vulnerabilities & Security Advisories 58

All 58 CVE vulnerabilities found in Picklescan, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with picklescan, a Python library designed for scanning pickle data for security risks. It aggregates reported weaknesses from various vendors and security databases, providing a comprehensive overview of the risks linked to this specific tool and its underlying dependencies. The collection covers vulnerabilities disclosed between January 2023 and October 2024, ensuring that both recent and historical security issues are accessible for analysis. By consolidating data from multiple sources, this resource aims to provide a clear and unified view of the security landscape surrounding picklescan. Users can utilize this page to track advisories issued by specific vendors, allowing them to stay informed about patches and mitigation strategies. Furthermore, the page facilitates a deeper understanding of common weakness classifications, helping developers identify patterns in how similar vulnerabilities are reported and addressed across different contexts. Readers can also look up the complete vulnerability history of picklescan, examining how the product's security posture has evolved over time. This historical perspective is crucial for assessing long-term stability and reliability. The information provided is intended for security professionals, developers, and IT administrators who need to evaluate the risk of using picklescan in their environments. By presenting aggregated data in a structured format, the page supports informed decision-making regarding software procurement and security audits. It serves as a reference point for understanding the specific threat models associated with pickle serialization and how picklescan addresses these concerns through its design and implementation.

Vendor: mmaitre314

CVE IDTitleCVSSSeverityPublished
CVE-2025-71365 picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass CWE-502 8.1 High2026-06-23
CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx CWE-502 8.1 High2026-06-23
CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity CWE-502 8.1 High2026-06-22
CVE-2025-71344 picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function CWE-502 8.1 High2026-06-22
CVE-2025-71339 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget CWE-502 8.1 High2026-06-22
CVE-2025-71378 picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files CWE-502 8.1 High2026-06-21
CVE-2025-71351 picklescan - Remote Code Execution via timeit.timeit() Detection Bypass CWE-184--2026-06-21
CVE-2025-71357 picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand CWE-502 8.1 High2026-06-21
CVE-2025-71348 picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass CWE-502 8.1 High2026-06-21
CVE-2026-56304 picklescan - Arbitrary File Creation via logging.FileHandler Deserialization CWE-502 6.5 Medium2026-06-20
CVE-2026-53874 picklescan - Arbitrary Code Execution via Obfuscated eval Call CWE-502 9.8 Critical2026-06-17
CVE-2026-53875 picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch CWE-95--2026-06-17
CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass CWE-184 9.8 Critical2026-06-17
CVE-2026-3490 picklescan - Universal Blocklist Bypass via pkgutil.resolve_name CWE-183 10.0 Critical2026-06-17
CVE-2026-53872 picklescan - Arbitrary File Read via Unsafe Pickle Deserialization CWE-22 7.5 High2026-06-17
CVE-2025-71325 picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw CWE-391 9.8 Critical2026-06-17
CVE-2025-71323 picklescan - Remote Code Execution via Unblocked ctypes Module CWE-184 9.8 Critical2026-06-17
CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function CWE-693 8.8 High2026-06-17
CVE-2025-71321 picklescan - Arbitrary File Writing via distutils Module Bypass CWE-502 9.8 Critical2026-06-17
CVE-2025-71320 picklescan - Remote Code Execution via Incomplete Disallowed Inputs CWE-184 9.8 Critical2026-06-17
CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports CWE-693 9.8AICriticalAI2025-09-17
CVE-2025-10156 PickleScan Security Bypass via Bad CRC in ZIP Archive CWE-755 7.8AIHighAI2025-09-17
CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension CWE-20 9.8AICriticalAI2025-09-17
CVE-2025-46417 picklescan 安全漏洞 CWE-184 9.1 -2025-04-24
CVE-2025-1945 picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch CWE-345 9.8 -2025-03-10
CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash CWE-345 7.5 -2025-03-10
CVE-2025-1889 picklescan - Security scanning bypass via non-standard file extensions CWE-646 7.5 -2025-03-03
CVE-2025-1716 picklescan - Security scanning bypass via 'pip main' CWE-184 8.1 -2025-02-26

All 58 known CVE vulnerabilities affecting Picklescan with full Chinese analysis, references, and POCs where available.