picklescan Vulnerabilities


AI Threat Alert tracks 95 known vulnerabilities in picklescan, 12 rated critical. picklescan is an AI/ML security tool in the pip ecosystem (category: ai security). Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources: NVD, GitHub Advisory
Risk Score: 53
Total CVEs: 95
Critical: 12
Ecosystem: pip
Last CVE: Jul 4, 2026
Patch Rate: 60%
Avg Time to Patch: 12d
GitHub: 414 stars, 48 forks, 6 issues, 3 dependents; last push May 14, 2026

Known Vulnerabilities (95 total, page 4 of 4)

Severity | CVE ID | Summary | CVSS | Published
HIGH | GHSA-vqmv-47xg-9wpr | picklescan: Deserialization enables RCE | -- | Dec 29, 2025
HIGH | GHSA-hgrh-qx5j-jfwx | picklescan: Protection Bypass circumvents security controls | 8.8 | Dec 29, 2025
HIGH | GHSA-r8g5-cgf2-4m4m | picklescan: Deserialization enables RCE | -- | Dec 29, 2025
HIGH | GHSA-x843-g5mx-g377 | picklescan: Code Injection enables RCE | -- | Dec 29, 2025
HIGH | GHSA-3329-ghmp-jmv5 | picklescan: Code Injection enables RCE | -- | Dec 29, 2025
MEDIUM | GHSA-cffc-mxrf-mhh4 | picklescan: Code Injection enables RCE | -- | Dec 29, 2025
HIGH | GHSA-rrxm-2pvv-m66x | picklescan: Code Injection enables RCE | -- | Dec 30, 2025
MEDIUM | GHSA-6556-fwc2-fg2p | picklescan: Code Injection enables RCE | -- | Dec 30, 2025
HIGH | GHSA-955r-x9j8-7rhh | picklescan: Code Injection enables RCE | -- | Dec 30, 2025
HIGH | GHSA-46h3-79wf-xr6c | picklescan: Code Injection enables RCE | -- | Dec 30, 2025
HIGH | GHSA-9726-w42j-3qjr | picklescan: Path Traversal enables file access | -- | Jan 8, 2026
HIGH | GHSA-9m3x-qqw2-h32h | picklescan: Deserialization enables RCE | -- | Feb 2, 2026
MEDIUM | GHSA-m7j5-r2p5-c39r | picklescan: Deserialization enables RCE | -- | Feb 2, 2026
HIGH | GHSA-97f8-7cmv-76j2 | picklescan: Allowlist Bypass evades input filtering | -- | Feb 18, 2026
CRITICAL | GHSA-7wx9-6375-f5wh | picklescan: Allowlist Bypass evades input filtering | 9.8 | Mar 3, 2026
CRITICAL | GHSA-vvpj-8cmc-gx39 | picklescan: security flaw enables exploitation | 10.0 | Mar 3, 2026
CRITICAL | GHSA-g38g-8gr9-h9xp | picklescan: Allowlist Bypass evades input filtering | 9.8 | Mar 3, 2026
HIGH | CVE-2025-10155 | picklescan: file extension bypass allows model RCE | 7.8 | Sep 17, 2025
CRITICAL | CVE-2025-1945 | picklescan: ZIP flag bypass enables RCE in PyTorch models | 9.8 | Mar 10, 2025
MEDIUM | CVE-2025-1944 | picklescan: ZIP spoof lets malicious PyTorch models bypass scan | 6.5 | Mar 10, 2025

A CVSS of -- means no numeric score had been published for that advisory when this page was captured; the severity label is shown regardless.

Showing 76–95 of 95
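Every entry in the table is the same class of bug seen from different angles: a pickle that should have been flagged gets past the scanner (a spoofed ZIP header, a file with the wrong extension, a global the allowlist check lets through), and because unpickling calls whatever callables the stream names, a missed detection is code execution at load time. The example below is added here and is not picklescan's own code. It shows the two controls that make this bug class survivable: a static opcode scan that reports anything it cannot resolve (fail closed), and a loader whose find_class refuses every global not on an explicit allowlist, so an undetected payload is still never executed. The allowlist in ALLOWED_GLOBALS, the zip layout and every payload are assumptions constructed for the demonstration.

```python
"""
Added example (not picklescan's own code): a minimal static pickle scanner in
the spirit of picklescan, a deny-by-default loader, and archive scanning that
ignores file extensions. Every payload below is constructed inline.
"""
import io
import os
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Example allowlist (an assumption of this demo). A real deployment enumerates
# the exact classes its framework needs and nothing else.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string constant; STACK_GLOBAL (protocol 4+) pops two.
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes with no effect on the value stack.
_NO_STACK_EFFECT = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT", "FRAME"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def referenced_globals(data: bytes) -> list:
    """(module, name) pairs the pickle would import on load, found without
    executing anything. Handles GLOBAL (protocol <= 3) and STACK_GLOBAL
    (protocol >= 4). A STACK_GLOBAL whose operands were not literal strings
    (e.g. memo references) is reported as UNRESOLVED so callers fail closed."""
    found, pending = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            pending.append(arg)
        elif op.name in _NO_STACK_EFFECT:
            continue
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # pickletools yields "module name"
            found.append((module, name))
            pending = []
        elif op.name == "STACK_GLOBAL":
            found.append(tuple(pending[-2:]) if len(pending) >= 2 else UNRESOLVED)
            pending = []
        else:
            pending = []
    return found


def scan(data: bytes, allowed=frozenset(ALLOWED_GLOBALS)) -> list:
    """Globals not on the allowlist; an empty list means the pickle is clean."""
    return [g for g in referenced_globals(data) if g not in allowed]


class RestrictedUnpickler(pickle.Unpickler):
    """Deny-by-default find_class: anything outside ALLOWED_GLOBALS is refused
    before it is resolved, so REDUCE never receives a callable to invoke."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_or_reject(data: bytes):
    """(True, object) for an allowed pickle, (False, reason) otherwise."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def scan_archive(blob: bytes) -> dict:
    """Scan every zip member whose bytes parse as a pickle stream, whatever
    its name; members that are not pickles are skipped. Modelled on
    pickle-in-zip model formats; the member layout is an assumption here."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            member = zf.read(info)
            try:
                findings[info.filename] = scan(member)
            except ValueError:  # not a pickle stream (text, raw weights, ...)
                continue
    return findings


# ---- constructed sample inputs ----
class Dropper:
    """Serialises to a REDUCE of os.system; never loaded unrestricted here."""
    def __reduce__(self):
        return (os.system, ("echo constructed-example",))


BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})
BENIGN_ORDERED = pickle.dumps(OrderedDict(lr=0.01))
MALICIOUS_P4 = pickle.dumps(Dropper(), protocol=4)  # STACK_GLOBAL form
MALICIOUS_P2 = pickle.dumps(Dropper(), protocol=2)  # GLOBAL form


def build_archive() -> bytes:
    """Constructed zip: the payload sits in data.pkl and in a member with a
    harmless-looking name, to show that scanning is by content, not name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/version", "3\n")
        zf.writestr("model/data.pkl", MALICIOUS_P4)
        zf.writestr("model/readme.txt", MALICIOUS_P2)
    return buf.getvalue()


if __name__ == "__main__":
    print("benign:", scan(BENIGN), load_or_reject(BENIGN))
    print("malicious:", scan(MALICIOUS_P4), load_or_reject(MALICIOUS_P4))
    print("archive:", scan_archive(build_archive()))
```

The scanner and the loader are deliberately independent: the scanner is the early warning, the loader is the thing that actually stands between the file and the interpreter. On Linux the flagged global is reported as posix.system, because that is the module name pickle records for os.system; an allowlist keyed on "os" alone would miss it, which is the shape of the allowlist-bypass entries above.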

Frequently asked questions

What is picklescan?

picklescan is an AI/ML security tool: a scanner that inspects Python pickle files, including pickle-based model formats such as PyTorch checkpoints, for payloads that would execute code on load. It is tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does picklescan have?

picklescan has 95 known CVEs, 12 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is picklescan distributed in?

picklescan is distributed via the pip ecosystem and categorized as ai security.

Where does the picklescan vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of picklescan?

Review each CVE in the table: every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available. Compare that against the version installed in your environment (pip show picklescan), and treat each entry as a scanner bypass: until you are on a fixed release, a model file that picklescan reports as clean may still execute code when loaded, so picklescan should not be the only control in front of pickle.load.

Monitor picklescan in your stack

Get instant alerts when new vulnerabilities affect picklescan. CISO analysis, ATLAS technique mappings, and compliance reports included.
