GHSA-f7qq-56ww-84cr: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

September 10, 2025

The vulnerability allows malicious actors to bypass PickleScan’s unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan’s strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead of the exact module names, attackers can circumvent the check and inject malicious payloads.

References

github.com/advisories/GHSA-f7qq-56ww-84cr
github.com/mmaitre314/picklescan
github.com/mmaitre314/picklescan/commit/28a7b4ef753466572bda3313737116eeb9b4e5c5
github.com/mmaitre314/picklescan/pull/50
github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr

Code Behaviors & Features

Detect and mitigate GHSA-f7qq-56ww-84cr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →