VulnerableCode Package Details - pkg:pypi/picklescan@0.0.29

Search for packages

Vulnerability	Summary	Fixed by
VCID-2syv-syp1-6yhk Aliases: CVE-2025-10155 GHSA-jgw4-cr84-mqxg PYSEC-2025-151	An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.	0.0.31 Affected by 0 other vulnerabilities.
VCID-auku-kbg2-2ybg Aliases: CVE-2025-10156 GHSA-mjqp-26hc-grxg PYSEC-2025-152	An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.	0.0.31 Affected by 0 other vulnerabilities.
VCID-avk4-jaz6-m3gw Aliases: CVE-2025-10157 GHSA-f7qq-56ww-84cr PYSEC-2025-153	A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.	0.0.31 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2syv-syp1-6yhk
Aliases:
CVE-2025-10155
GHSA-jgw4-cr84-mqxg
PYSEC-2025-151

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

0.0.31
Affected by 0 other vulnerabilities.

VCID-auku-kbg2-2ybg
Aliases:
CVE-2025-10156
GHSA-mjqp-26hc-grxg
PYSEC-2025-152

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

0.0.31
Affected by 0 other vulnerabilities.

VCID-avk4-jaz6-m3gw
Aliases:
CVE-2025-10157
GHSA-f7qq-56ww-84cr
PYSEC-2025-153

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.

0.0.31
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:20.268397+00:00	Pypa Importer	Affected by	VCID-avk4-jaz6-m3gw	https://github.com/pypa/advisory-database/blob/main/vulns/picklescan/PYSEC-2025-153.yaml	38.6.0
2026-06-02T04:23:20.120576+00:00	Pypa Importer	Affected by	VCID-auku-kbg2-2ybg	https://github.com/pypa/advisory-database/blob/main/vulns/picklescan/PYSEC-2025-152.yaml	38.6.0
2026-06-02T04:23:19.958697+00:00	Pypa Importer	Affected by	VCID-2syv-syp1-6yhk	https://github.com/pypa/advisory-database/blob/main/vulns/picklescan/PYSEC-2025-151.yaml	38.6.0