Create a draft advisory to notify of vulnerabilities, false positives, false negatives, etc.
Security: mmaitre314/picklescan
SECURITY.md
- profile.run blocklist mismatch allows exec() bypass (GHSA-7wx9-6375-f5wh), published Mar 2, 2026 by mmaitre314, Critical
- pkgutil.resolve_name universal blocklist bypass (GHSA-vvpj-8cmc-gx39), published Mar 2, 2026 by mmaitre314, Critical
- Multiple stdlib modules with direct RCE not in blocklist (GHSA-g38g-8gr9-h9xp), published Mar 2, 2026 by mmaitre314, Critical
- Arbitrary file create using logging.FileHandler (GHSA-m7j5-r2p5-c39r), published Feb 2, 2026 by mmaitre314, Moderate
- Arbitrary file read using `io.FileIO` (GHSA-9726-w42j-3qjr), published Jan 7, 2026 by mmaitre314, High
- Arbitrary File Writing (GHSA-m273-6v24-x4m4), published Dec 26, 2025 by mmaitre314, High
- ctypes not being blocked (GHSA-4675-36f9-wf6r), published Dec 26, 2025 by mmaitre314, Critical
- Incomplete List of Disallowed Inputs in picklescan (GHSA-84r2-jw7c-4r5q), published Dec 26, 2025 by mmaitre314, Critical
- Missing detection when calling pty.spawn (GHSA-vqmv-47xg-9wpr), published Dec 26, 2025 by mmaitre314, Moderate
- Bypassing Unsafe Globals Check using pty.spawn (GHSA-hgrh-qx5j-jfwx), published Dec 26, 2025 by mmaitre314, High
Learn more about advisories related to mmaitre314/picklescan in the GitHub Advisory Database