Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-auku-kbg2-2ybg

Summary An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

Aliases

alias	CVE-2025-10156

alias	GHSA-mjqp-26hc-grxg

alias	PYSEC-2025-152

Fixed_packages

url	pkg:pypi/picklescan@0.0.31
purl	pkg:pypi/picklescan@0.0.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.31

Affected_packages

url pkg:pypi/picklescan@0.0.1

purl pkg:pypi/picklescan@0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.1

url pkg:pypi/picklescan@0.0.2

purl pkg:pypi/picklescan@0.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.2

url pkg:pypi/picklescan@0.0.3

purl pkg:pypi/picklescan@0.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.3

url pkg:pypi/picklescan@0.0.4

purl pkg:pypi/picklescan@0.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.4

url pkg:pypi/picklescan@0.0.5

purl pkg:pypi/picklescan@0.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.5

url pkg:pypi/picklescan@0.0.6

purl pkg:pypi/picklescan@0.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.6

url pkg:pypi/picklescan@0.0.7

purl pkg:pypi/picklescan@0.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.7

url pkg:pypi/picklescan@0.0.8

purl pkg:pypi/picklescan@0.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.8

url pkg:pypi/picklescan@0.0.9

purl pkg:pypi/picklescan@0.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.9

url pkg:pypi/picklescan@0.0.10

purl pkg:pypi/picklescan@0.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.10

url pkg:pypi/picklescan@0.0.11

purl pkg:pypi/picklescan@0.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.11

url pkg:pypi/picklescan@0.0.12

purl pkg:pypi/picklescan@0.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.12

url pkg:pypi/picklescan@0.0.13

purl pkg:pypi/picklescan@0.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.13

url pkg:pypi/picklescan@0.0.14

purl pkg:pypi/picklescan@0.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.14

url pkg:pypi/picklescan@0.0.15

purl pkg:pypi/picklescan@0.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.15

url pkg:pypi/picklescan@0.0.16

purl pkg:pypi/picklescan@0.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.16

url pkg:pypi/picklescan@0.0.17

purl pkg:pypi/picklescan@0.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.17

url pkg:pypi/picklescan@0.0.18

purl pkg:pypi/picklescan@0.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.18

url pkg:pypi/picklescan@0.0.19

purl pkg:pypi/picklescan@0.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.19

url pkg:pypi/picklescan@0.0.20

purl pkg:pypi/picklescan@0.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.20

url pkg:pypi/picklescan@0.0.21

purl pkg:pypi/picklescan@0.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.21

url pkg:pypi/picklescan@0.0.22

purl pkg:pypi/picklescan@0.0.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.22

url pkg:pypi/picklescan@0.0.23

purl pkg:pypi/picklescan@0.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.23

url pkg:pypi/picklescan@0.0.24

purl pkg:pypi/picklescan@0.0.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.24

url pkg:pypi/picklescan@0.0.25

purl pkg:pypi/picklescan@0.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.25

url pkg:pypi/picklescan@0.0.26

purl pkg:pypi/picklescan@0.0.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.26

url pkg:pypi/picklescan@0.0.27

purl pkg:pypi/picklescan@0.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.27

url pkg:pypi/picklescan@0.0.28

purl pkg:pypi/picklescan@0.0.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.28

url pkg:pypi/picklescan@0.0.29

purl pkg:pypi/picklescan@0.0.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.29

url pkg:pypi/picklescan@0.0.30

purl pkg:pypi/picklescan@0.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30

References

reference_url

https://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35

reference_url

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg

reference_url

https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true

reference_url

https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main

Weaknesses

Exploits

Severity_range_score 9.8 - 9.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auku-kbg2-2ybg

Vulnerability Instance