📦 Picklescan
by Mmaitre314
🔍 What is Picklescan?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows attackers to bypass security scans in mmaitre314 picklescan by crafting ZIP archives with bad CRC values. When exploited, malicious pickle files can evade detection and execu...
CVE-2025-1945 is a vulnerability in picklescan versions before 0.0.23 that allows attackers to bypass security scanning by embedding malicious pickle files in PyTorch model archives with modified ZIP ...
CVE-2025-1889 is a vulnerability in picklescan versions before 0.0.22 where the tool only checks standard pickle file extensions (.pkl, .pickle, .pckl) for malicious content. Attackers can bypass secu...
CVE-2025-1716 is a critical vulnerability in picklescan versions before 0.0.21 where the tool fails to restrict the 'pip' global during pickle file scanning. This allows attackers to embed malicious c...
This vulnerability allows attackers to bypass picklescan's unsafe globals check by using submodule imports instead of exact package names. Attackers can load malicious pickle files that appear safe du...
This vulnerability allows attackers to bypass security checks in picklescan by disguising malicious pickle files with PyTorch-related extensions. When these files are incorrectly marked as safe and lo...
This vulnerability in Picklescan versions before 0.0.25 allows data exfiltration via DNS requests after deserialization due to missing 'ssl' in unsafe globals. Attackers can exploit this to leak sensi...
CVE-2025-1944 is a ZIP archive manipulation vulnerability in picklescan versions before 0.0.23 that allows malicious PyTorch model files to bypass security scanning. Attackers can craft archives with ...