fickling
PyPI: 7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting fickling (page 1 of 1)
- CVE-2025-67747 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.6 | 2025-12-16
vulnerable: 0.0.1 ... 0.1.5 (12 versions)
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types` from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows…
- CVE-2025-67748 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.6 | 2025-12-16
vulnerable: 0.0.1 ... 0.1.5 (12 versions)
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly fl…
- CVE-2026-22606 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.7 | 2026-01-10
vulnerable: 0.0.1 ... 0.1.6 (13 versions)
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() …
- CVE-2026-22607 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.7 | 2026-01-10
vulnerable: 0.0.1 ... 0.1.6 (13 versions)
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPIC…
- CVE-2026-22608 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.7 | 2026-01-10
vulnerable: 0.0.1 ... 0.1.6 (13 versions)
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining …
- CVE-2026-22609 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.7 | 2026-01-10
vulnerable: 0.0.1 ... 0.1.6 (13 versions)
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. M…
- CVE-2026-22612 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.1.7 | 2026-01-10
vulnerable: 0.0.1 ... 0.1.6 (13 versions)
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.