10284 matches found
MAL-2024-4723 Malicious code in 1923tsl1 (PyPI)
MAL-2024-4721 Malicious code in 18923aa (PyPI)
MAL-2024-4720 Malicious code in 1337test (PyPI)
MAL-2024-1643 Malicious code in quickwebbasicauth (PyPI)
Source: ossf-package-analysis e8ebea7be43f522c7fd45c4793bcac3b33c5ffafa2dc9ea3e0f28657bc650819 The OpenSSF Package Analysis project identified 'quickwebbasicauth' @ 2.3.2 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1624 Malicious code in importlib-metadate (PyPI)
Source: kam193 b6db8994d6a78a5d0d95df2d0add2257ee6188f8c5419cbd7e2813426739d15d Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: baidu-readver Reasons based on the campaign: - The package...
MAL-2024-1625 Malicious code in nt4padyp3 (PyPI)
Source: kam193 ccc059efb56cb7ca8b8c413c9b0711b900e5b98d371c30e58b3a5056f5c06d18 Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: baidu-readver Reasons based on the campaign: - The package...
Exploit for SQL Injection in Valvepress Automatic
MAL-2024-1548 Malicious code in tensorfioi (PyPI)
This package is considered malicious because it communicates with an unknown host via a Telegram channel...
MAL-2024-1547 Malicious code in requestn (PyPI)
This package is considered malicious because it extracts OS files of the localhost and sends the contents to an unknown Telegram channel...
Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library named...
MAL-2024-1396 Malicious code in numberpy (PyPI)
Source: ossf-package-analysis e10120613afbbf32d487584c68eaf1ae7f4fc0674f1f119d86beae630a3b9070 The OpenSSF Package Analysis project identified 'numberpy' @ 0.1.0 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1397 Malicious code in reqwestss (PyPI)
Source: ossf-package-analysis 1b49654324e091538657038a1288d05e2879c02d73bec38baeae681b0a26f5b9 The OpenSSF Package Analysis project identified 'reqwestss' @ 0.1.0 pypi as malicious. It is considered malicious because: - The package...
Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package
Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing...
Fedora: Security Advisory for python-pip (FEDORA-2024-600031d2e9)
The remote host is missing an update for the...
MAL-2024-9968 Malicious code in discord-react (PyPI)
Source: ossf-package-analysis bc34a3a31bb6498c18b917bfd0c3049006f5c630220a45dbef402db8ef290775 The OpenSSF Package Analysis project identified 'discord-react' @ 0.0.0.1 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1365 Malicious code in testpkg3322 (PyPI)
Source: ossf-package-analysis 0204f7c4871e3d89a002e58fe4aa1f47b3e64d810fac531fbd8aa992929e0a60 The OpenSSF Package Analysis project identified 'testpkg3322' @ 2.35.8 pypi as malicious. It is considered malicious because: - The package...
PT-2024-6447
Name of the Vulnerable Software and Affected Versions: PyPi (affected versions not specified). Description: The issue is related to the try match function in PyPi, a Python package repository, which improperly handles case sensitivity. This can be exploited by a remote attacker to bypass CORS policy b...
MAL-2024-1334 Malicious code in multiconnections (PyPI)
Source: ossf-package-analysis d080fb698cec14d7c79b82bff9f6ca58764dbfcd5b487ea88e5822e59e1d74cb The OpenSSF Package Analysis project identified 'multiconnections' @ 2.34.23 pypi as malicious. It is considered malicious because: - The packag...
MAL-2024-1333 Malicious code in threadxpools (PyPI)
Source: ossf-package-analysis 41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105 The OpenSSF Package Analysis project identified 'threadxpools' @ 1.2 pypi as malicious. It is considered malicious because: - The package...
Setuptools: Denial of Service
Background: Setuptools is a manager for Python packages. Description: A vulnerability has been discovered in Setuptools. See the impact field. Impact: An inefficiency in a regular expression may result in a denial of service if a user is fetching malicious HTML from a package in PyPI or a custom...