Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-5cxw-w2xg-2m8h
  • PyPI/fickling
fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE` 13 Mar
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-r48f-3986-4f9c
  • PyPI/fickling
fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist 13 Mar
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-5hwf-rc88-82xm
  • PyPI/fickling
Fickling missing RCE-capable modules in UNSAFE_IMPORTS 04 Mar
  • Fix available
  • Severity - 8.9 (High)
GHSA-wccx-j62j-r448
  • PyPI/fickling
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked 04 Mar
  • Fix available
  • Severity - 8.9 (High)
GHSA-mhc9-48gj-9gp3
  • PyPI/fickling
Fickling has safety check bypass via REDUCE+BUILD opcode sequence 25 Feb
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mxhj-88fx-4pcv
  • PyPI/fickling
Fickling: OBJ opcode call invisibility bypasses all safety checks 24 Feb
  • Fix available
  • Severity - 8.6 (High)
GHSA-83pf-v6qq-pwmr
  • PyPI/fickling
Fickling has a detection bypass via stdlib network-protocol constructors 20 Feb
  • Fix available
  • Severity - 2.3 (Low)
GHSA-h4rm-mm56-xf63
  • PyPI/fickling
Fickling vulnerable to detection bypass due to "builtins" blindness 09 Jan
  • Fix available
  • Severity - 8.9 (High)
GHSA-q5qq-mvfm-j35x
  • PyPI/fickling
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist 09 Jan
  • Fix available
  • Severity - 8.9 (High)
GHSA-5hvc-6wx8-mvv4
  • PyPI/fickling
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection 09 Jan
  • Fix available
  • Severity - 8.9 (High)
GHSA-p523-jq9w-64x9
  • PyPI/fickling
Fickling Blocklist Bypass: cProfile.run() 09 Jan
  • Fix available
  • Severity - 8.9 (High)
GHSA-wfq2-52f7-7qvj
  • PyPI/fickling
Fickling has a bypass via runpy.run_path() and runpy.run_module() 09 Jan
  • Fix available
  • Severity - 8.9 (High)
GHSA-r7v6-mfhq-g3m2
  • PyPI/fickling
Fickling has Code Injection vulnerability via pty.spawn() 15 Dec 2025
  • Fix available
  • Severity - 7.1 (High)
GHSA-565g-hwwr-4pp3
  • PyPI/fickling
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list 15 Dec 2025
  • Fix available
  • Severity - 7.1 (High)