
964 matches found

OSV
added 2023/05/20 2:5 p.m., 11 views

MAL-2023-1389 Malicious code in pygame-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93390eea0977ef15ff0c7413e64df5bd99497ea76e9238097ee0b6f4b9862fdd The OpenSSF Package Analysis project identified 'pygame-install' @ 17.14.20 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:5 p.m., 8 views

MAL-2023-1382 Malicious code in numpy-selenium (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dc92a371c845859241fd20b897b00c4b6c39fcc8ec83dfe9fbb0146c36d267c5 The OpenSSF Package Analysis project identified 'numpy-selenium' @ 5.20.19 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:5 p.m., 16 views

MAL-2023-1391 Malicious code in pygame-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c104a6d866e764da7907147cd7def349f360987498156433ef1e11bf4ac2263c The OpenSSF Package Analysis project identified 'pygame-pytorch' @ 3.4.19 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:5 p.m., 7 views

MAL-2023-1396 Malicious code in pytorch-pandas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 21d9172520d87343cf043969211d79bebee861c010da78f947a6464d138a78eb The OpenSSF Package Analysis project identified 'pytorch-pandas' @ 14.19.3 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:5 p.m., 6 views

MAL-2023-1358 Malicious code in beautifulsoup-scikit-learn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e35a9499d5b3efd34a3813328043f5f0132eef5cacc23f14dbaa2ba4e06ce43 The OpenSSF Package Analysis project identified 'beautifulsoup-scikit-learn' @ 2.4.9 pypi as malicious. It is considered malicious because: - Th...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:0 p.m., 17 views

MAL-2023-1400 Malicious code in req-matplotlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42e8fed5a27a6a36519ad623fa6c33db0f7824fc859500c5f049ec26347c2b3c The OpenSSF Package Analysis project identified 'req-matplotlib' @ 11.2.18 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:0 p.m., 17 views

MAL-2023-1376 Malicious code in matplotlib-flask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 15cce6ca7d9ce0af312425dec9ae608529c322b940526b20135cdcd8673ba31c The OpenSSF Package Analysis project identified 'matplotlib-flask' @ 7.15.10 pypi as malicious. It is considered malicious because: - The packag...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 2:0 p.m., 6 views

MAL-2023-1401 Malicious code in req-os (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a4c774c66c886693b125c705573bcf15587bb2320aec1b977d51399406abb433 The OpenSSF Package Analysis project identified 'req-os' @ 20.5.17 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/20 1:56 p.m., 7 views

MAL-2023-1371 Malicious code in install-pytest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c354c0f5dc76b96d0db0745a885c308a97e8edfa82d219fda8c353dd567b43d6 The OpenSSF Package Analysis project identified 'install-pytest' @ 1.12.7 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/18 6:1 p.m., 8 views

MAL-2023-1366 Malicious code in guiconsoles (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 24a3798623a3f68e4c418540b53aa81d86785aeb5618a02914aa14be4c4311ba The OpenSSF Package Analysis project identified 'guiconsoles' @ 1.0.5 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

OSV
added 2023/05/18 3:27 p.m., 7 views

MAL-2023-1160 Malicious code in docs-component-title (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1e4e933240e0533957a39c9132a6925469e069081320949dc198545fd1080a49 The OpenSSF Package Analysis project identified 'docs-component-title' @ 1.2.2 npm as malicious. It is considered malicious because: - The packa...

7.1 AI score
Exploits 0

OSV
added 2023/05/18 3:5 p.m., 8 views

MAL-2023-1157 Malicious code in docs-component-folder-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 029903e7351485fc54de0e50d6f2f3c9c822895bd8d97930476b5a69f23dd6f9 The OpenSSF Package Analysis project identified 'docs-component-folder-selector' @ 1.0.6 npm as malicious. It is considered malicious because: -...

7.1 AI score
Exploits 0

OSV
added 2023/05/13 12:0 a.m., 8 views

MAL-2023-167 Malicious code in cfa-styleguide (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5562a6cb1d5f239216be52c28e8d316e8ffe0f490d11978863202a6fcfcbe8bc Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.4 AI score
Exploits 0, References 2

OSV
added 2023/05/13 12:0 a.m., 6 views

MAL-2023-575 Malicious code in maddy_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx edb288f616afccdf20ab32d24f5f0616b0b2b91bcdb3d8f0d8bd60e1adbe6b0a Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.4 AI score
Exploits 0, References 2

OSV
added 2023/05/12 2:49 a.m., 13 views

MAL-2023-1204 Malicious code in hyrule-react-commons (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b82bec5139c178e3b425e5e458a9c7b248b17db5192cf6178702cbb26822dba The OpenSSF Package Analysis project identified 'hyrule-react-commons' @ 2.0.1 npm as malicious. It is considered malicious because: - The packa...

7.3 AI score
Exploits 0

vulnersOsv
added 2023/05/11 8:48 p.m., 7 views

ddev (>=1.4.2 <=2.1.0), hoppr (>=1.7.0 <=1.13.2) +2 more potentially affected by unknown CVE via in-toto (>=1.0.1 <=1.4.0)

in-toto PYPI version =1.0.1, =1.4.2, =1.7.0, =1.0.18, =1.4.9 - hoppr-openssf-scorecard =0.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-JJGP-WHRP-GQ8M...

5.8 AI score
Exploits 0

vulnersOsv
added 2023/05/11 8:47 p.m., 3 views

ddev (>=1.4.2 <=2.1.0), hoppr (>=1.7.0 <=1.13.2) +2 more potentially affected by CVE-2023-32076 via in-toto (>=1.0.1 <=1.4.0)

in-toto PYPI version =1.0.1, =1.4.2, =1.7.0, =1.0.18, =1.4.9 - hoppr-openssf-scorecard =0.0.1 Source cves: CVE-2023-32076 Source advisory: OSV:GHSA-WC64-C5RV-32PF...

5.5 CVSS, 5.9 AI score, 0.00241 EPSS
Exploits 0

OSV
added 2023/05/11 6:4 a.m., 8 views

MAL-2023-1190 Malicious code in gql2ts-from-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7a1acee750c796d45e602f027ea638a05590a78bb142aca903bfb2bb169466a6 The OpenSSF Package Analysis project identified 'gql2ts-from-schema' @ 2.1.1 npm as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0

vulnersOsv
added 2023/05/10 6:15 p.m., 4 views

ddev (>=1.4.2 <=2.1.0), hoppr (>=1.7.0 <=1.13.2) +2 more potentially affected by CVE-2023-32076 via in-toto (>=1.0.1 <=1.4.0)

in-toto PYPI version =1.0.1, =1.4.2, =1.7.0, =1.0.18, =1.4.9 - hoppr-openssf-scorecard =0.0.1 Source cves: CVE-2023-32076 Source advisory: OSV:PYSEC-2023-63...

5.5 CVSS, 6 AI score, 0.00241 EPSS
Exploits 0

OSV
added 2023/05/10 1:10 p.m., 4 views

MAL-2023-1410 Malicious code in spammingsynonym (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97a0609c600ca9bc940340f2595fb41607b5af5c3931f10350bea6aa3c9879ae The OpenSSF Package Analysis project identified 'spammingsynonym' @ 3.0.1 pypi as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0