Security
Headlines

Headlines Latest CVEs

Headline

GHSA-j424-mc44-f4hj: Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references.

Original Description

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

10 hours ago

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
GHSA-j424-mc44-f4hj

Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch

Critical severity GitHub Reviewed Published Sep 17, 2025 to the GitHub Advisory Database • Updated Sep 17, 2025

Withdrawn This advisory was withdrawn on Sep 17, 2025

Package

pip picklescan (pip)

Affected versions

< 0.0.31

Published by the National Vulnerability Database

Sep 17, 2025

Published to the GitHub Advisory Database

Sep 17, 2025

Last updated

Sep 17, 2025

ghsa: Latest News

GHSA-393w-9x6h-8gc7: Pingora update for MadeYouReset HTTP/2 vulnerability

2 hours ago

GHSA-p6jq-8vc4-79f6: Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival

2 hours ago

GHSA-m4j5-5x4r-2xp9: Keycloak SMTP Inject Vulnerability

2 hours ago

GHSA-mcvp-rpgg-9273: DragonFly's tiny file download uses hard coded HTTP protocol

2 hours ago

GHSA-hx2h-vjw2-8r54: DragonFly has weak integrity checks for downloaded files

2 hours ago