10286 matches found

OSV
added 2024/05/05 7:10 p.m., 7 views

MAL-2024-1333 Malicious code in threadxpools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105 The OpenSSF Package Analysis project identified 'threadxpools' @ 1.2 pypi as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits 0
Gentoo Linux
added 2024/05/05 12:00 a.m., 30 views

Setuptools: Denial of Service

Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if a user is fetching malicious HTML from a package in PyPI or a custom...

CVSS 5.9, AI score 8.7, EPSS 0.02617
Exploits 1
Fedora
added 2024/05/03 1:37 a.m., 23 views

[SECURITY] Fedora 38 Update: python-pip-22.3.1-4.fc38

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...

CVSS 5.5, AI score 5.1, EPSS 0.00476
Exploits 0
The Hacker News
added 2024/04/11 11:32 a.m., 22 views

Python's PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...

AI score 7.3
Exploits 0
OSV
added 2024/04/11 7:56 a.m., 8 views

MAL-2024-1254 Malicious code in reqargs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9d1ba9bc54763d8ec8336f0edc8d5997d5fb080801556f288a4935dac06d4878 The OpenSSF Package Analysis project identified 'reqargs' @ 1.4 pypi as malicious. It is considered malicious because: - The package communicate...

AI score 7.1
Exploits 0
Rockylinux
added 2024/04/05 2:56 p.m., 12 views

python3.11-pip bug fix and enhancement update

An update is available for python3.11-pip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. pip is a package management system used to install and manage software...

AI score 7.2
Exploits 0
OSV
added 2024/04/04 3:36 p.m., 10 views

MAL-2024-1202 Malicious code in lyft-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2fa096ec56c6910a67c11cdb8b7ebb3bede054bf1ea7eb926fff07e2265c00dc The OpenSSF Package Analysis project identified 'lyft-core' @ 999.3.9 pypi as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
The Hacker News
added 2024/03/29 5:37 a.m., 28 views

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

The maintainers of the Python Package Index PyPI repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a...

AI score 7.3
Exploits 0
HackRead
added 2024/03/28 4:28 p.m., 14 views

PyPI Suspends New Projects and Users Due to Malicious Packages

By Waqas Are you a Python developer? Here's what you need to know! This is a post from HackRead.com Read the original post: PyPI Suspends New Projects and Users Due to Malicious Packages...

AI score 7.2
Exploits 0
OSV
added 2024/03/27 4:46 p.m., 8 views

MAL-2024-1185 Malicious code in sparklog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fa3ac41199a392a32d649e60da4ff9d98d6ceb0d956297d976ce3b5dc948dc91 The OpenSSF Package Analysis project identified 'sparklog' @ 0.0.3 pypi as malicious. It is considered malicious because: - The package executes...

AI score 7.4
Exploits 0
OSV
added 2024/03/27 8:45 a.m., 12 views

MAL-2024-1186 Malicious code in types-for-adobe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 927dcbc233169c84ab7ef0e97232782f6bb821d476409cc6ccc8587995dabdc8 The OpenSSF Package Analysis project identified 'types-for-adobe' @ 99.3.9 pypi as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
The Hacker News
added 2024/03/25 11:58 a.m., 44 views

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover v...

AI score 7.8
Exploits 0
OSV
added 2024/03/24 2:30 p.m., 16 views

MAL-2024-1144 Malicious code in google-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e7f92b7d079e1dd3eac61bdcb4202ec2e5415b3925d6cf58b0a7bad0e20159f The OpenSSF Package Analysis project identified 'google-requests' @ 99.3.9 pypi as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
OSV
added 2024/03/23 5:10 a.m., 11 views

MAL-2024-1142 Malicious code in lyft-service (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5c5cfee894c744725e11bab2574205709667faf82490a31e44b35c9e447fd962 The OpenSSF Package Analysis project identified 'lyft-service' @ 9.99.1 pypi as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
OSV
added 2024/03/18 1:50 p.m., 11 views

MAL-2024-1111 Malicious code in business-kpi-manager (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 273b321944297087263b5b5821cab2c1f54c8c91e75998fe8c8bca26b8ffb0b7 The OpenSSF Package Analysis project identified 'business-kpi-manager' @ 5.9.1 pypi as malicious. It is considered malicious because: - The...

AI score 7.3
Exploits 0
NVD
added 2024/03/18 6:15 a.m., 11 views

CVE-2024-29151

Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI...

CVSS 9.1, AI score 6.6, EPSS 0.00316
Exploits 0, References 1
Vulnrichment
added 2024/03/18 12:00 a.m., 10 views

CVE-2024-29151

Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI...

AI score 9.3, EPSS 0.00316
Exploits 0, References 1
Cvelist
added 2024/03/18 12:00 a.m., 15 views

CVE-2024-29151

Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI...

AI score 6.8, EPSS 0.00316
Exploits 0, References 1
CVE
added 2024/03/18 12:00 a.m., 51 views

CVE-2024-29151

Summary (CVE-2024-29151) Rocket.Chat.Audit (through 5ad78e8) depends on the Python package filecachetools, which is reported as not existing in PyPI. This dependency issue is cited across the CVE entries (NVD/Red Hat/CVE records) and is the root cause described in multiple sources. According to ...

CVSS 9.1, AI score 6.8, EPSS 0.00316
Exploits 0, References 1