GHSA-4r9r-ch6f-vxmx: 
Python vulnerability analysis and mitigation

The vulnerability (GHSA-4r9r-ch6f-vxmx) affects the picklescan library versions 0.0.27 and earlier, which fails to detect potentially malicious code when the PyTorch function torch.utils.bottleneck.main.run_cprofile is used. The vulnerability was discovered and reported by FredericDT, and was patched in version 0.0.28 released on August 22, 2025 (GitHub Release).

The vulnerability stems from picklescan's inability to identify the torch.utils.bottleneck.main.runcprofile function as potentially dangerous. Attackers can craft a malicious payload by implementing a _reduce__ method that calls this function, which can then be used to execute arbitrary code. The vulnerability has been assigned a Moderate severity rating (GitHub Advisory).

The vulnerability affects any organization or individual using picklescan to detect malicious pickle files within PyTorch models. Attackers can exploit this vulnerability to embed malicious code in pickle files that remain undetected by picklescan but execute when the pickle file is loaded. This can potentially lead to supply chain attacks where infected pickle files are distributed across machine learning models, APIs, and saved Python objects (GitHub Advisory).

Users should upgrade to picklescan version 0.0.28 or later, which includes patches for this vulnerability. The fix involves adding torch.utils.bottleneck.main.run_cprofile to the list of dangerous functions that picklescan detects (GitHub Release).