Simon Willison’s Weblog

Why Python Pickle is Insecure. Because pickle is essentially a stack-based interpreter, so you can put os.system on the stack and use it to execute arbitrary commands.

Posted 9th September 2009 at 11:04 pm

Recent articles

Claude can write complete Datasette plugins now - 8th October 2025
Vibe engineering - 7th October 2025
OpenAI DevDay 2025 live blog - 6th October 2025

pickle 1 python 1196 security 552

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe