VYPR

PLY

by Python Lex-Yacc

CVEs (1)

  • CVE-2025-56005 | Jan 20, 2026
    risk 0.00 | cvss | epss 0.17

    An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because…