Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-avk4-jaz6-m3gw

Summary

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). 

When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.

Aliases

alias	CVE-2025-10157

alias	GHSA-f7qq-56ww-84cr

alias	PYSEC-2025-153

Fixed_packages

url	pkg:pypi/picklescan@0.0.31
purl	pkg:pypi/picklescan@0.0.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.31

Affected_packages

url pkg:pypi/picklescan@0.0.1

purl pkg:pypi/picklescan@0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.1

url pkg:pypi/picklescan@0.0.2

purl pkg:pypi/picklescan@0.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.2

url pkg:pypi/picklescan@0.0.3

purl pkg:pypi/picklescan@0.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.3

url pkg:pypi/picklescan@0.0.4

purl pkg:pypi/picklescan@0.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.4

url pkg:pypi/picklescan@0.0.5

purl pkg:pypi/picklescan@0.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.5

url pkg:pypi/picklescan@0.0.6

purl pkg:pypi/picklescan@0.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.6

url pkg:pypi/picklescan@0.0.7

purl pkg:pypi/picklescan@0.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.7

url pkg:pypi/picklescan@0.0.8

purl pkg:pypi/picklescan@0.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.8

url pkg:pypi/picklescan@0.0.9

purl pkg:pypi/picklescan@0.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.9

url pkg:pypi/picklescan@0.0.10

purl pkg:pypi/picklescan@0.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.10

url pkg:pypi/picklescan@0.0.11

purl pkg:pypi/picklescan@0.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.11

url pkg:pypi/picklescan@0.0.12

purl pkg:pypi/picklescan@0.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.12

url pkg:pypi/picklescan@0.0.13

purl pkg:pypi/picklescan@0.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.13

url pkg:pypi/picklescan@0.0.14

purl pkg:pypi/picklescan@0.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.14

url pkg:pypi/picklescan@0.0.15

purl pkg:pypi/picklescan@0.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.15

url pkg:pypi/picklescan@0.0.16

purl pkg:pypi/picklescan@0.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.16

url pkg:pypi/picklescan@0.0.17

purl pkg:pypi/picklescan@0.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.17

url pkg:pypi/picklescan@0.0.18

purl pkg:pypi/picklescan@0.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.18

url pkg:pypi/picklescan@0.0.19

purl pkg:pypi/picklescan@0.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.19

url pkg:pypi/picklescan@0.0.20

purl pkg:pypi/picklescan@0.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.20

url pkg:pypi/picklescan@0.0.21

purl pkg:pypi/picklescan@0.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-nvvk-8a8j-43gw

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.21

url pkg:pypi/picklescan@0.0.22

purl pkg:pypi/picklescan@0.0.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-ag3v-g92v-kbde

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

vulnerability	VCID-w2h9-74te-tqhc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.22

url pkg:pypi/picklescan@0.0.23

purl pkg:pypi/picklescan@0.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.23

url pkg:pypi/picklescan@0.0.24

purl pkg:pypi/picklescan@0.0.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

vulnerability	VCID-jfcq-vpg2-pkdn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.24

url pkg:pypi/picklescan@0.0.25

purl pkg:pypi/picklescan@0.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.25

url pkg:pypi/picklescan@0.0.26

purl pkg:pypi/picklescan@0.0.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.26

url pkg:pypi/picklescan@0.0.27

purl pkg:pypi/picklescan@0.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.27

url pkg:pypi/picklescan@0.0.28

purl pkg:pypi/picklescan@0.0.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.28

url pkg:pypi/picklescan@0.0.29

purl pkg:pypi/picklescan@0.0.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.29

url pkg:pypi/picklescan@0.0.30

purl pkg:pypi/picklescan@0.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syv-syp1-6yhk

vulnerability	VCID-auku-kbg2-2ybg

vulnerability	VCID-avk4-jaz6-m3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30

References

reference_url

https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309

reference_url

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr

reference_url

https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl

Weaknesses

Exploits

Severity_range_score 7.8 - 7.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avk4-jaz6-m3gw

Vulnerability Instance