Trailofbits Fickling

9 CVEs affecting Trailofbits Fickling. Latest disclosed: 2026-07-04. Critical: 0, High: 9.

Top CVEs affecting Trailofbits Fickling
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-14535 | High | 8.8 | 2026-07-04 | In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on ev… |
| CVE-2026-14534 | High | 8.8 | 2026-07-04 | Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_… |
| CVE-2026-22612 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. T… |
| CVE-2026-22609 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag s… |
| CVE-2026-22608 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other exist… |
| CVE-2026-22607 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Beca… |
| CVE-2026-22606 | High | 7.8 | 2026-01-10 | Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because… |
| CVE-2025-67748 | High | 7.8 | 2025-12-16 | Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module… |
| CVE-2025-67747 | High | 7.8 | 2025-12-16 | Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types` from the block list of unsafe module im… |