Every CVE whose affected-product data names Mmaitre314 Picklescan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2025-1716 — CVSS 9.8 (critical): picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a…
CVE-2025-10156 — CVSS 9.8 (critical): An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote…
CVE-2025-1889 — CVSS 9.8 (critical): picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a…
CVE-2025-1945 — CVSS 9.8 (critical): picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified…
CVE-2025-71348 — CVSS 8.1 (high): picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce…
CVE-2025-71378 — CVSS 8.1 (high): picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute…
CVE-2025-71357 — CVSS 8.1 (high): picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods…
CVE-2025-10155 — CVSS 7.8 (high): An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a…
CVE-2025-10157 — CVSS 7.8 (high): A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to…
CVE-2025-46417 — CVSS 7.5 (high): The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS…
CVE-2025-1944 — CVSS 6.5 (medium): picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan…
CVE-2026-56304 — CVSS 6.5 (medium): picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary…