Note: This list may be incomplete. Data is provided without warranty in its original format.
9.8
CVE-2025-1889
- EPSS 0.37%
- Published 03.03.2025 19:15:34
- Last modified 29.12.2025 15:16:01
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Becaus...
9.8
CVE-2025-1716
- EPSS 1.5%
- Published 26.02.2025 15:15:24
- Last modified 29.12.2025 15:16:00
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a rest...