Malicious code in sympy-dev (PyPI)

Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package...

EUVD-2026-3707

Malicious code in anduril-lattice-sdk-grpc-python PyPI...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

Malicious code in medifile (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c005d95a9b1b91118e9306168ce69163190184714fe53c65b7ba716e867c8da Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in legendevil1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3188a850ecb974606264f28634afaca67ec2f49c1c759cf590aa39ba19e50452 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

EUVD-2026-2012

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

PT-2026-2804

Name of the Vulnerable Software and Affected Versions GuardDog versions prior to 2.7.1 Description GuardDog, a CLI tool for identifying malicious PyPI packages, contains a flaw in its safe extract function. This function does not validate the size of decompressed files when handling ZIP archives,...

CVE-2022-31313

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package...

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

CVE-2022-0339

Server-Side Request Forgery SSRF in Pypi calibreweb prior to 0.6.16...

EUVD-2026-1102

Malicious code in robustinfer PyPI...

SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem

SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...

Malicious code in extrazip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f58777710463b043a0724ad1d7999807501b56667a10eced314fd036e9303fdf During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

Malicious code in telebot-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae13454f920b5cce1011546e4802ed263ce8218d4b484ef8471142abb42c3f3e The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

EUVD-2025-205380

Malicious code in aiogram-sever-patch PyPI...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14929 via transformers (>=4.0.0 <=4.57.6)

transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14929 Source advisory:...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14921 via transformers (>=4.0.0 <=4.57.6)

transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14921 Source advisory:...

Malicious code in blastchamber-python-pypi (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-192658 Malicious code in connections-api-hidden-runner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae6bedba7c21e763c5a0e27952cf75a13a7705e7681027c87a833417a2035b70 Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in f5rest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f8084e3c4c369a7dc22b67657aa22f3faf8e9b98df2721c9ff4e4c17d36fe028 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...