10269 matches found
ROOT-APP-PYPI-CVE-2023-50944 CVE-2023-50944 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2023-50944 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
Malicious code in easyreg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2897582bf6c0c29d4fc679ee338263019a8a5d5bcb66b5ae2c59454d6c967d6a The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
MAL-2026-917 Malicious code in aliyun-python-sdk-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 29bd2455a576643c51939bd166abab847afd04c3142b576e3f9f0c7978763181 Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is...
MAL-2026-916 Malicious code in alibabacloude (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c45df7f85cfaba4bf141f0a17ba2d0987e080131bab1f1233798a1287d63fa7f Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is...
Malicious code in arrayvec (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 39346af7e82bdb4aa8dca53b864258b9ffe328ea982aa3009b62b84d174ebe29 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-866 Malicious code in oraceldb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 723248915f1acb6de7c5bed00d0d554ced6b8cd6359d79436c8ab02f49f18360 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
Malicious code in config-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f672e0a6f875d710a8851da211ff30828bda3755c9f9aebcb56fd0430b134ae5 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...
Malicious code in ntoctfutils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f65404ba7442c7d16e3f569b7c84afc4d1df23f9497ac3a6101d5ec3c168956f Importing the module downloads and runs a remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in teligram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...
MAL-2026-810 Malicious code in thread-pipeline-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2d7de9849aa6d6194b8d6fdf574c6c56c3de7cb75ad338f2428fc7f1374e4280 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-790 Malicious code in p7zip-full (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 af6725a21a64c36ce8e101fd062bb45cb87fdb8cb62df47538390c6c1fc4323c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in credit-decision-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0320017dad96c95d4741c311ead566b7d6bea0c7ffdceea82b435ce74a40de Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
MAL-2026-641 Malicious code in connections-api-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d9023bd1b2434b0519e9f26fe6d776297700ef0d80c05ba50ead13c6e3d61bb Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in hangimani (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4eb1b67eac28a42f372ecaaca274a28d15972e3cc8e063492f977364538e6c41 During importing the module, package downloads a second-stage code from GitHub, which then runs an infostealer. After that, the downloaded code is removed ---...
A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able toupload a malicious version 1.1.5.post1 of the dydx-v4-client package.This version contains a highly obfuscated multi-stage loaderthat ultimately executes malicious code on the host system.While the final payload is not visible because ...
Malicious code in morty-package (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d87e4d2c5f3096d67a98e166e70ed6d4288c7d7554852e8d14bb60213f9a574b Package presents an extremely deep obfuscation of a code that is imported during installation. The exact behavior is unknown, but it includes loading encrypted...
Malicious code in pypi-package-explore (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 54257ec88b5f7a5bd69177f84a4c396ab208e727ba1c7b079056f1fab2705c37 Package presents an extremely deep obfuscation of a code that is imported during installation. The exact behavior is unknown, but it includes loading encrypted...
aiogithubapi (=23.11.0), authsignal (=2.0.1) +7 more potentially affected by CVE-2026-24408 via sigstore (>=2.0.0rc3 <=3.6.7)
sigstore PYPI version =2.0.0rc3, =1.50.0, =0.0.1, =0.0.6, =0.1.0, =0.19.0 Source cves: CVE-2026-24408 Source advisory: OSV:GHSA-HM8F-75XX-W2VR...
Malicious code in system-integration-toxi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 096a1a342309a85666ad92b45da1da18ca808e16c93819a3122b2c6bbc2a15d6 During importing the module, code downloads and executes a remote script. During the analysis of this package, the code was a placeholder, but the package is...
MAL-2026-469 Malicious code in cflashfiles (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d8c5174968b7dedf000076201fe6446018aa61048b6a77fc8bc42e16bb796fd9 Malicious clone of legitimate fsspec package. The code was modified to exfiltrate specific files on import. --- Category: MALICIOUS - The campaign has clearly...