{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","type":"pypi","namespace":"","name":"picklescan","version":"0.0.30","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.0.31","latest_non_vulnerable_version":"1.0.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37110?format=json","vulnerability_id":"VCID-2syv-syp1-6yhk","summary":"An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463"},{"reference_url":"https://github.com/mmai
tre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-jgw4-cr84-mqxg","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-jgw4-cr84-mqxg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10155","reference_id":"CVE-2025-10155","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10155"},{"reference_url":"https://github.com/advisories/GHSA-jgw4-cr84-mqxg","reference_id":"GHSA-jgw4-cr84-mqxg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jgw4-cr84-mqxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46352?format=json","purl":"pkg:pypi/picklescan@0.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vuln
erablecode.io/packages/pkg:pypi/picklescan@0.0.31"}],"aliases":["CVE-2025-10155","GHSA-jgw4-cr84-mqxg","PYSEC-2025-151"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2syv-syp1-6yhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37111?format=json","vulnerability_id":"VCID-auku-kbg2-2ybg","summary":"An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan
/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg"},{"reference_url":"https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true"},{"refe
rence_url":"https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10156","reference_id":"CVE-2025-10156","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10156"},{"reference_url":"https://github.com/advisories/GHSA-mjqp-26hc-grxg","reference_id":"GHSA-mjqp-26hc-grxg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mjqp-26hc-grxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46352?format=json","purl":"pkg:pypi/picklescan@0.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.31"}],"aliases":["CVE-2025-10156","GHSA-mjqp-26hc-grxg","PYSEC-2025-152"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auku-kbg2-2ybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37112?format=json","vulnerability_id":"VCID-avk4-jaz6-m3gw","summary":"A Protection Mechanism Failure vulnerability 
in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). \n\nWhen the file incorrectly considered safe is loaded after the scan, it can lead to the execution of malicious code.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5"},{"reference_url":"https://github.com/mmaitre314/picklescan/pull/50","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/pull/50"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr"},{"reference_url":"https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_element
s":""}],"url":"https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10157","reference_id":"CVE-2025-10157","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10157"},{"reference_url":"https://github.com/advisories/GHSA-f7qq-56ww-84cr","reference_id":"GHSA-f7qq-56ww-84cr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f7qq-56ww-84cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46352?format=json","purl":"pkg:pypi/picklescan@0.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.31"}],"aliases":["CVE-2025-10157","GHSA-f7qq-56ww-84cr","PYSEC-2025-153"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avk4-jaz6-m3gw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58001?format=json","vulnerability_id":"VCID-b7jy-k4ur-bffk","summary":"Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof\nUsing torch.utils.bottleneck.\\_\\_main\\_\\_.run_autograd_prof function, which is a pytorch library function to execute remote pickle 
file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-4whj-rm5r-c2v8","reference_id":"GHSA-4whj-rm5r-c2v8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4whj-rm5r-c2v8"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4whj-rm5r-c2v8","reference_id":"GHSA-4whj-rm5r-c2v8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4whj-rm5r-c2v8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-4whj-rm5r-c2v8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7jy-k4ur-bffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57998?format=json","vulnerability_id":"VCID-c7w5-grfx-j7fr","summary":"Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand\nUsing idlelib.pyshell.ModifiedInterpreter.runcommand 
function, which is a built-in python library function to execute remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-j343-8v2j-ff7w","reference_id":"GHSA-j343-8v2j-ff7w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j343-8v2j-ff7w"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7w","reference_id":"GHSA-j343-8v2j-ff7w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-j343-8v2j-ff7w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7w5-grfx-j7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57989?format=json","vulnerability_id":"VCID-efmk-gy96-13bq","summary":"Picklescan is missing detection when calling built-in python 
lib2to3.pgen2.pgen.ParserGenerator.make_label\nUsing lib2to3.pgen2.pgen.ParserGenerator.make_label function, which is a built-in python library function to execute remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-p9w7-82w4-7q8m","reference_id":"GHSA-p9w7-82w4-7q8m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p9w7-82w4-7q8m"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-p9w7-82w4-7q8m","reference_id":"GHSA-p9w7-82w4-7q8m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-p9w7-82w4-7q8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-p9w7-82w4-7q8m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efmk-gy96-13bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57985?format=json","vulnerability_id":"VCID-g4fb-k4w9-tbd8","s
ummary":"Picklescan does not detect calls to the built-in Python function cProfile.run\nThe cProfile.run function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-49gj-c84q-6qm9","reference_id":"GHSA-49gj-c84q-6qm9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49gj-c84q-6qm9"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-49gj-c84q-6qm9","reference_id":"GHSA-49gj-c84q-6qm9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-49gj-c84q-6qm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-49gj-c84q-6qm9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4fb-k4w9-tbd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58006?format=json","vulnerability_id":"VCID-mkc8-71mt-ybfs
","summary":"Picklescan does not detect calls to the built-in Python function cProfile.runctx\nThe cProfile.runctx function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-9w88-8rmg-7g2p","reference_id":"GHSA-9w88-8rmg-7g2p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9w88-8rmg-7g2p"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9w88-8rmg-7g2p","reference_id":"GHSA-9w88-8rmg-7g2p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9w88-8rmg-7g2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-9w88-8rmg-7g2p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkc8-71mt-ybfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57986?format=json","vulnerability_id":"VCID-rz3j
-cnq5-6qbb","summary":"Picklescan does not detect calls to the built-in Python function ensurepip._run_pip\nThe ensurepip._run_pip function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-xp4f-hrf8-rxw7","reference_id":"GHSA-xp4f-hrf8-rxw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xp4f-hrf8-rxw7"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-xp4f-hrf8-rxw7","reference_id":"GHSA-xp4f-hrf8-rxw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-xp4f-hrf8-rxw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-xp4f-hrf8-rxw7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rz3j-cnq5-6qbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58008?format=json","vulnerabilit
y_id":"VCID-tfrn-vtbm-97dr","summary":"Picklescan does not detect calls to the built-in Python function idlelib.pyshell.ModifiedInterpreter.runcode\nThe idlelib.pyshell.ModifiedInterpreter.runcode function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-3gf5-cxq9-w223","reference_id":"GHSA-3gf5-cxq9-w223","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gf5-cxq9-w223"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223","reference_id":"GHSA-3gf5-cxq9-w223","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-3gf5-cxq9-w223"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrn-vtbm-97dr"},{"url":"http://public2.vuln
erablecode.io/api/vulnerabilities/57996?format=json","vulnerability_id":"VCID-utgf-mfym-6ff8","summary":"Picklescan does not detect calls to the built-in Python function idlelib.run.Executive.runcode\nThe idlelib.run.Executive.runcode function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-m869-42cg-3xwr","reference_id":"GHSA-m869-42cg-3xwr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m869-42cg-3xwr"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m869-42cg-3xwr","reference_id":"GHSA-m869-42cg-3xwr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m869-42cg-3xwr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-m869-42cg-3xwr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utgf-m
fym-6ff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57980?format=json","vulnerability_id":"VCID-v38f-mhcb-bucj","summary":"Picklescan does not detect calls to the built-in Python function doctest.debug_script\nThe doctest.debug_script function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-fqq6-7vqf-w3fg","reference_id":"GHSA-fqq6-7vqf-w3fg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fqq6-7vqf-w3fg"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-fqq6-7vqf-w3fg","reference_id":"GHSA-fqq6-7vqf-w3fg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-fqq6-7vqf-w3fg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-fqq6-7vqf-w3fg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnera
bilities/VCID-v38f-mhcb-bucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58002?format=json","vulnerability_id":"VCID-whea-3bmh-xya3","summary":"Picklescan does not detect calls to the built-in Python library function asyncio.unix_events._UnixSubprocessTransport._start\nThe asyncio.unix_events._UnixSubprocessTransport._start function, a built-in Python library function, can be used to execute a remote pickle file.","references":[{"reference_url":"https://github.com/mmaitre314/picklescan","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan"},{"reference_url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/commit/1931c2d04eaca8d20597705ff39cab78ba364e4b"},{"reference_url":"https://github.com/advisories/GHSA-q77w-mwjj-7mqx","reference_id":"GHSA-q77w-mwjj-7mqx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q77w-mwjj-7mqx"},{"reference_url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx","reference_id":"GHSA-q77w-mwjj-7mqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46351?format=json","purl":"pkg:pypi/picklescan@0.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2syv-syp1-6yhk"},{"vulnerability":"VCID-auku-kbg2-2ybg"},{"vulnerability":"VCID-avk4-jaz6-m3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}],"aliases":["GHSA-q77w-mwjj-7mqx"],"risk_score":null,"exploitabili
ty":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whea-3bmh-xya3"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.30"}