Lucene search
K

731 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in cosmos-gradio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2 cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-versi...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:23 p.m.12 views

Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:23 p.m.3 views

MAL-2026-6734 Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:22 p.m.8 views

MAL-2026-6735 Malicious code in ue-python-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a6d9d874ce102a9ac674f8f713472a473007dc3d51adb869c5198afc708751 On import uepythontools, the package spawns a background thread that issues an HTTP POST to http://109.123.247.172/pypi carrying a JSON payload...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:22 p.m.4 views

MAL-2026-6736 Malicious code in unreal-mladapter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 126bf3493d123333b47fba2ed68e30c085c8266dfb4d16923a81e9ee094f4780 The package name unreal-mladapter mimics Epic Games' internal UnrealMLAdapter plugin and is published at version 99999.0.0 — the canonical high-versi...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/29 9:41 a.m.6 views

MAL-2026-6593 Malicious code in django-bkvision (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60f6913309b46f7fc428e08267197a375885efc1b3c5660d7707ef70895f558c setup.py executes a top-level function on pip install that collects host metadata hostname, user, cwd, Python version, platform, pid, timestamp and...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/25 5:20 p.m.20 views

MAL-2026-6467 Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 a.m.11 views

Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:37 a.m.14 views

Malicious code in datacamp-light (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 234a0d37873455b7db32068745d93ed29aafa596877b39949280b4ec0621ad6b datacamp-light 99.0.0 impersonates DataCamp's internal package name='datacamp-light', author='DataCamp',...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/15 5:39 p.m.9 views

MAL-2026-5810 Malicious code in dispatch-internal-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:38 p.m.12 views

Malicious code in gigl-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:37 p.m.12 views

Malicious code in mlir-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/15 5:37 p.m.10 views

MAL-2026-5818 Malicious code in mlir-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/15 5:37 p.m.12 views

MAL-2026-5813 Malicious code in intel-ai-safety (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7bafa4e952ec2e2db6e164f8bf385088c38438396f02f8096c28a6105878e729 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:37 p.m.14 views

Malicious code in sl-pgp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53bd44f0ef91bd7b2757153e06bc9a7b697aba1af30af9bc6a6ccb71d7a3012a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/15 5:37 p.m.10 views

MAL-2026-5823 Malicious code in sl-pgp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53bd44f0ef91bd7b2757153e06bc9a7b697aba1af30af9bc6a6ccb71d7a3012a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/15 5:36 p.m.8 views

MAL-2026-5822 Malicious code in scriptworker-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8cdfb6bd0db2d192ccd67b0ebb8023dee7343620b9a48c95cc58b5e1ee536f0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 9:40 a.m.16 views

Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 10:9 a.m.18 views

Malicious code in bash8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e665213ba552605420b2269888e041b8b8af4c9e8314d731a8aa246f0fefd748 Package is published as 'bash8' matching an existing PyPI bash linter but installs a top-level module named 'cacertificates' whose only content is a...

6.1AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/13 7:11 a.m.83 views

web-vuln-scanner

Web Vulnerability Scanner Basic web application vulnerability...

5.9AI score
Exploits0
Rows per page
Query Builder