Vendor
Graphite versions before 0.2 are vulnerable to insecure deserialization due to the use of Python's `pickle` module for database storage, allowing attackers to craft malicious database files that execute arbitrary code when loaded.