Trailofbits Fickling
9 CVEs affecting Trailofbits Fickling. Latest disclosed: 2026-07-04. Critical: 0, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-14535 | High | 8.8 | 2026-07-04 | In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on ev… |
| CVE-2026-14534 | High | 8.8 | 2026-07-04 | Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_… |
| CVE-2026-22612 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. T… |
| CVE-2026-22609 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag s… |
| CVE-2026-22608 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other exist… |
| CVE-2026-22607 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Beca… |
| CVE-2026-22606 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's runpy module as unsafe. Because… |
| CVE-2025-67748 | High | 7.8 | 2025-12-16 | Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module… |
| CVE-2025-67747 | High | 7.8 | 2025-12-16 | Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types` from the block list of unsafe module im… |