GHSA-q77w-mwjj-7mqx: 
Python vulnerability analysis and mitigation

A security vulnerability (GHSA-q77w-mwjj-7mqx) was identified in the picklescan Python package affecting versions below 0.0.30. The vulnerability involves a missing detection capability when calling the built-in Python library function asyncio.unixevents.UnixSubprocessTransport._start. This vulnerability was disclosed on August 26, 2025, and primarily affects organizations and individuals using picklescan to detect malicious pickle files inside PyTorch models (GitHub Advisory).

The vulnerability stems from picklescan's inability to detect potentially malicious calls to the asyncio.unixevents.UnixSubprocessTransport._start function. The attack involves crafting a payload that utilizes this function within a reduce method. When victims use picklescan to verify a pickle file's safety, the library fails to identify this dangerous function call, allowing the malicious pickle file to be loaded through pickle.load(), which can lead to remote code execution (GitHub Advisory).

The vulnerability's impact is significant for organizations relying on picklescan for security scanning. Attackers can exploit this weakness to embed malicious code in pickle files that remain undetected by the scanner but execute when loaded. This creates potential for supply chain attacks where infected pickle files could be distributed across machine learning models, APIs, and saved Python objects (GitHub Advisory).

The vulnerability has been patched in picklescan version 0.0.30. Users are advised to upgrade to this version or later to address the security issue. The fix includes adding detection capabilities for the asyncio.unixevents.UnixSubprocessTransport._start function in the scanner's security checks (GitHub Commit).