GHSA-QW48-84F6-28GV
Vulnerability from github – Published: 2026-05-18 13:27 – Updated: 2026-05-18 13:27Impact
Type of vulnerability: Insecure Deserialization via Python's pickle module.
Who is impacted:
Users of Graphite graph database engine versions before 0.2 who load database files from untrusted or third-party sources.
An attacker could craft a malicious database file that executes arbitrary code when loaded by the engine. This is possible because the engine used pickle for serialization, which is known to be unsafe for untrusted data.
Patches
The vulnerability has been patched starting from version 0.2.
All users should upgrade to version 0.2 or later (the current version is 0.4 at publishing time).
In version 0.2 and above, the engine uses JSON instead of pickle for database storage, eliminating the deserialization risk.
Workarounds
If users cannot upgrade immediately:
- Do not load database files from untrusted or unknown sources when using versions <0.2.
- Migrate existing pickle-based databases to the new JSON format using the provided migration module:
from graphite.Migration import convert_pickle_to_json
convert_pickle_to_json("path/to/old_database.pkl", "path/to/new_database.json")
After migration, you can safely use the database with version 0.2+.
Note: Versions 0.2 and later will show a warning when attempting to load legacy pickle files, reminding you to migrate them. Also, you can't load pickle files in 0.2 and later.
Resources
- Upgrade to v0.2 or newer
- Migration guide: See
graphite.Migrationmodule documentation - More on pickle security: Python docs – pickle security
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "graphitedb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T13:27:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n**Type of vulnerability:** Insecure Deserialization via Python\u0027s `pickle` module.\n\n**Who is impacted:** \nUsers of *Graphite graph database engine* versions **before 0.2** who load database files from untrusted or third-party sources. \nAn attacker could craft a malicious database file that executes arbitrary code when loaded by the engine. This is possible because the engine used `pickle` for serialization, which is known to be unsafe for untrusted data.\n\n### Patches\nThe vulnerability has been patched starting from **version 0.2**. \nAll users should upgrade to **version 0.2 or later** (the current version is 0.4 at publishing time). \nIn version 0.2 and above, the engine uses **JSON** instead of `pickle` for database storage, eliminating the deserialization risk.\n\n### Workarounds\nIf users cannot upgrade immediately:\n\n1. **Do not load database files from untrusted or unknown sources** when using versions \u003c0.2.\n2. **Migrate existing pickle-based databases** to the new JSON format using the provided migration module:\n\n```python\nfrom graphite.Migration import convert_pickle_to_json\nconvert_pickle_to_json(\"path/to/old_database.pkl\", \"path/to/new_database.json\")\n```\n\nAfter migration, you can safely use the database with version 0.2+.\n\n**Note:** Versions 0.2 and later will show a **warning** when attempting to load legacy pickle files, reminding you to migrate them. Also, **you can\u0027t load pickle files** in 0.2 and later.\n\n### Resources\n- Upgrade to [v0.2 or newer](https://github.com/mkh-user/graphite/releases)\n- Migration guide: See `graphite.Migration` module documentation\n- More on pickle security: [Python docs \u2013 pickle security](https://docs.python.org/3/library/pickle.html#module-pickle)",
"id": "GHSA-qw48-84f6-28gv",
"modified": "2026-05-18T13:27:56Z",
"published": "2026-05-18T13:27:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mkh-user/graphite/security/advisories/GHSA-qw48-84f6-28gv"
},
{
"type": "PACKAGE",
"url": "https://github.com/mkh-user/graphite"
},
{
"type": "WEB",
"url": "https://github.com/mkh-user/graphite/releases/tag/v0.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Graphite Has a Pickle Deserialization Vulnerability"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.