GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3 advisories
PickleScan has multiple stdlib modules with direct RCE not in blocklist
Critical
GHSA-g38g-8gr9-h9xp
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Critical
GHSA-vvpj-8cmc-gx39
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's profile.run blocklist mismatch allows exec() bypass
Critical
GHSA-7wx9-6375-f5wh
was published
for
picklescan
(pip)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API