picklescan Vulnerabilities


AI Threat Alert tracks 93 known vulnerabilities in picklescan, 12 rated critical. picklescan is an AI/ML security package in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
Risk Score: 53
Total CVEs: 93
Critical: 12
Ecosystem: pip
Last CVE: Jul 4, 2026
Patch Rate: 61%
Avg Time to Patch: 12d
414 stars, 48 forks, 6 issues, 3 dependents. Last push: May 14, 2026

Known Vulnerabilities (94 total, page 3 of 4)

Severity | CVE ID | Summary | CVSS | Published
MEDIUM | GHSA-x696-vm39-cp64 | picklescan: scan bypass allows RCE in ML pipelines | -- | Aug 26, 2025
MEDIUM | GHSA-6vqj-c2q5-j97w | picklescan: scanner bypass enables RCE via ML models | -- | Aug 26, 2025
MEDIUM | GHSA-f54q-57x4-jg88 | picklescan: scanner bypass enables RCE in ML models | -- | Aug 26, 2025
MEDIUM | GHSA-3vg9-h568-4w9m | picklescan: RCE bypass via idlelib SetText evasion | -- | Aug 26, 2025
MEDIUM | GHSA-6w4w-5w54-rjvr | picklescan: detection bypass allows RCE via ML model files | -- | Aug 26, 2025
MEDIUM | GHSA-7cq8-mj8x-j263 | picklescan: detection bypass allows malicious pickle RCE | -- | Aug 26, 2025
MEDIUM | GHSA-cj3c-v495-4xqh | picklescan: security bypass enables RCE in ML pipelines | -- | Aug 26, 2025
MEDIUM | GHSA-8r4j-24qv-fmq9 | picklescan: RCE bypass enables ML supply chain attack | -- | Aug 26, 2025
MEDIUM | GHSA-9xph-j2h6-g47v | picklescan: scanner bypass enables RCE via model files | -- | Aug 26, 2025
MEDIUM | GHSA-4whj-rm5r-c2v8 | picklescan: scanner bypass enables PyTorch gadget RCE | -- | Aug 26, 2025
MEDIUM | GHSA-xp4f-hrf8-rxw7 | picklescan: scanner bypass leads to undetected RCE | -- | Aug 26, 2025
MEDIUM | GHSA-p9w7-82w4-7q8m | picklescan: detection bypass allows pickle RCE in ML pipelines | -- | Aug 26, 2025
MEDIUM | GHSA-m869-42cg-3xwr | picklescan: scanner bypass enables RCE via ML models | -- | Aug 26, 2025
MEDIUM | GHSA-j343-8v2j-ff7w | picklescan: scanner bypass allows pickle-based RCE | -- | Aug 26, 2025
MEDIUM | GHSA-3gf5-cxq9-w223 | picklescan: scanner bypass enables pickle RCE in ML models | -- | Aug 26, 2025
MEDIUM | GHSA-fqq6-7vqf-w3fg | picklescan: detection bypass allows undetected RCE in ML models | -- | Aug 26, 2025
MEDIUM | GHSA-9w88-8rmg-7g2p | picklescan: scan bypass allows silent RCE via ML models | -- | Aug 26, 2025
MEDIUM | GHSA-49gj-c84q-6qm9 | picklescan: scanner bypass enables RCE via ML model files | -- | Aug 26, 2025
MEDIUM | GHSA-q77w-mwjj-7mqx | picklescan: scanner bypass enables model RCE | -- | Aug 26, 2025
HIGH | CVE-2025-10157 | PickleScan: subclass bypass enables malicious model RCE | 8.3 | Sep 10, 2025
HIGH | CVE-2025-10156 | Picklescan: CRC bypass hides malicious pickle in ZIP | 7.5 | Sep 10, 2025
HIGH | GHSA-m273-6v24-x4m4 | picklescan: Deserialization enables RCE | -- | Dec 29, 2025
HIGH | GHSA-4675-36f9-wf6r | picklescan: Allowlist Bypass evades input filtering | -- | Dec 29, 2025
HIGH | GHSA-84r2-jw7c-4r5q | picklescan: Allowlist Bypass evades input filtering | -- | Dec 29, 2025
HIGH | GHSA-vqmv-47xg-9wpr | picklescan: Deserialization enables RCE | -- | Dec 29, 2025

Showing 51–75 of 94

Frequently asked questions

What is picklescan?

picklescan is an AI/ML security package tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does picklescan have?

picklescan has 93 known CVEs, 12 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is picklescan distributed in?

picklescan is distributed via the pip ecosystem and categorized as AI security.

Where does the picklescan vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of picklescan?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor picklescan in your stack

Get instant alerts when new vulnerabilities affect picklescan. CISO analysis, ATLAS technique mappings, and compliance reports included.
