Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
fg0x0 Credited to fg0x0
fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE` Moderate
GHSA-5cxw-w2xg-2m8h was published for fickling (pip) Mar 13, 2026
mldangelo Credited to mldangelo
fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist Moderate
GHSA-r48f-3986-4f9c was published for fickling (pip) Mar 13, 2026
fg0x0 Credited to fg0x0
Fickling has safety check bypass via REDUCE+BUILD opcode sequence Moderate
GHSA-mhc9-48gj-9gp3 was published for fickling (pip) Feb 25, 2026
yash2998chhabria Credited to yash2998chhabria
libsodium has Incomplete List of Disallowed Inputs Moderate
CVE-2025-69277 was published for PyNaCl (Composer) Dec 31, 2025
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate Moderate
GHSA-4p4h-9gvq-7xfg was published for picklescan (pip) Apr 24, 2025 withdrawn
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd Credited to SeaW1nd
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
CVE-2025-1716 was published for picklescan (pip) Mar 3, 2025
madgetr Credited to madgetr
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-vr75-hjh9-7fr6 was published for picklescan (pip) Mar 3, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API