Resource exhaustion in Seperman Deepdiff
CVE-2026-33155
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructo…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.000 (7.7th percentile)
Affected products
- Seperman Deepdiff — versions >= 5.0.0, < 8.6.2
Weakness classification (CWE)
References
- https://github.com/qlustered/deepdiff/security/advisories/GHSA-54jj-px8x-5w5q (x_refsource_CONFIRM)
- https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb (x_refsource_MISC)