Incomplete List of Disallowed Inputs Affecting picklescan package, versions [,0.0.33)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.62% (46th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-PICKLESCAN-17423194
  • published23 Jun 2026
  • disclosed17 Jun 2026
  • creditApollyon

Introduced: 17 Jun 2026

NewCVE-2025-71320  (opens in a new tab)
CWE-184  (opens in a new tab)

How to fix?

Upgrade picklescan to version 0.0.33 or higher.

Overview

picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the incomplete deny-list in the deserialization. An attacker can execute arbitrary code on the end user by crafting malicious pickle files that utilize unblocked functions.

CVSS Base Scores

version 4.0
version 3.1