CVE ID :CVE-2026-33155 Published : March 20, 2026, 9:17 p.m. | 1 hour, 7 minutes ago Description :DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta objects or call pickle_load with untrusted data. This issue has been patched in version 8.6.2. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...