GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
113 advisories
Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Moderate
GHSA-mhc9-48gj-9gp3
was published
for
fickling
(pip)
Feb 25, 2026
Fickling has a detection bypass via stdlib network-protocol constructors
Low
GHSA-83pf-v6qq-pwmr
was published
for
fickling
(pip)
Feb 20, 2026
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Low
CVE-2026-31996
was published
for
openclaw
(npm)
Feb 19, 2026
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
High
GHSA-97f8-7cmv-76j2
was published
for
picklescan
(pip)
Feb 18, 2026
FUXA Affected by a Path Traversal Sanitization Bypass
High
CVE-2026-25951
was published
for
fuxa-server
(npm)
Feb 10, 2026
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
High
CVE-2026-22609
was published
for
fickling
(pip)
Jan 9, 2026
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
High
CVE-2026-22608
was published
for
fickling
(pip)
Jan 9, 2026
Fickling Blocklist Bypass: cProfile.run()
High
CVE-2026-22607
was published
for
fickling
(pip)
Jan 9, 2026
Fickling has a bypass via runpy.run_path() and runpy.run_module()
High
CVE-2026-22606
was published
for
fickling
(pip)
Jan 9, 2026
Picklescan has Incomplete List of Disallowed Inputs
High
GHSA-84r2-jw7c-4r5q
was published
for
picklescan
(pip)
Dec 29, 2025
Picklescan does not block ctypes
High
GHSA-4675-36f9-wf6r
was published
for
picklescan
(pip)
Dec 29, 2025
Fickling has Code Injection vulnerability via pty.spawn()
High
CVE-2025-67748
was published
for
fickling
(pip)
Dec 15, 2025
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
High
CVE-2025-67747
was published
for
fickling
(pip)
Dec 15, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK
Low
CVE-2025-67716
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Low
CVE-2025-61924
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
CVE-2025-46417
was published
for
picklescan
(pip)
Apr 7, 2025
ProTip!
Advisories are also available from the
GraphQL API