GHSA-f745-w6jp-hpxx: 
Python vulnerability analysis and mitigation

The vulnerability (GHSA-f745-w6jp-hpxx) affects the picklescan library versions 0.0.27 and earlier, which fails to detect potentially malicious code when the PyTorch function torch.utils.collect_env.run is used in pickle files. The vulnerability was discovered and reported by FredericDT, and was patched in version 0.0.28 released on August 22, 2025 (GitHub Advisory).

The vulnerability stems from picklescan's inability to identify the torch.utils.collectenv.run function as potentially dangerous when scanning pickle files. This function can be exploited through Python's _reduce__ method to execute arbitrary commands. The vulnerability allows attackers to craft malicious pickle files that pass picklescan's security checks while containing executable code (GitHub Advisory).

The vulnerability affects any organization or individual using picklescan to detect malicious pickle files within PyTorch models. Attackers can exploit this vulnerability to embed malicious code in pickle files that remain undetected by picklescan but execute when loaded. This creates potential for supply chain attacks where infected pickle files could be distributed across machine learning models, APIs, and saved Python objects (GitHub Advisory).

The vulnerability has been patched in picklescan version 0.0.28. Users should upgrade to this version or later to ensure proper detection of potentially malicious uses of the torch.utils.collect_env.run function (GitHub Release).