| purl | pkg:pypi/fickling@0.1.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-dp66-vtjz-b7ad | Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues. | CVE-2025-67748, GHSA-r7v6-mfhq-g3m2, PYSEC-2025-113 |
| VCID-efcp-1gcj-mkhn | Fickling has missing detection for `marshal.loads` and `types.FunctionType` in unsafe modules list. There's missing detection for the Python modules `marshal.loads` and `types.FunctionType`, and Fickling throws unhandled ValueErrors when the stack is deliberately exhausted. | CVE-2025-67747, GHSA-565g-hwwr-4pp3 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:49:12.944400+00:00 | GitLab Importer | Fixing | VCID-dp66-vtjz-b7ad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/fickling/CVE-2025-67748.yml | 38.6.0 |
| 2026-06-02T04:49:12.399168+00:00 | GitLab Importer | Fixing | VCID-efcp-1gcj-mkhn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/fickling/CVE-2025-67747.yml | 38.6.0 |
| 2026-06-02T04:23:36.018758+00:00 | Pypa Importer | Fixing | VCID-dp66-vtjz-b7ad | https://github.com/pypa/advisory-database/blob/main/vulns/fickling/PYSEC-2025-113.yaml | 38.6.0 |