marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
pypi.doubanio.com/simple/request
github.com/advisories/GHSA-57qv-h9m7-jxfg
github.com/joajfreitas/marcador
github.com/joajfreitas/marcador/commit/84d84549c6c6d765abc9243ac7e85d810f32d6e7
github.com/joajfreitas/marcador/issues/5
github.com/pypa/advisory-database/tree/main/vulns/marcador/PYSEC-2022-185.yaml
nvd.nist.gov/vuln/detail/CVE-2022-28470
pypi.org/project/marcador