GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Fickling missing RCE-capable modules in UNSAFE_IMPORTS
High
GHSA-5hwf-rc88-82xm
was published
for
fickling
(pip)
Mar 4, 2026
PickleScan has multiple stdlib modules with direct RCE not in blocklist
Critical
GHSA-g38g-8gr9-h9xp
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Critical
GHSA-vvpj-8cmc-gx39
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's profile.run blocklist mismatch allows exec() bypass
Critical
GHSA-7wx9-6375-f5wh
was published
for
picklescan
(pip)
Mar 3, 2026
Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Moderate
GHSA-mhc9-48gj-9gp3
was published
for
fickling
(pip)
Feb 25, 2026
Fickling: OBJ opcode call invisibility bypasses all safety checks
High
GHSA-mxhj-88fx-4pcv
was published
for
fickling
(pip)
Feb 24, 2026
ProTip!
Advisories are also available from the
GraphQL API