10271 matches found
EUVD-2022-0394
Malicious code in bioql PyPI...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24855 more potentially affected by CVE-2025-55552 via torch (>=1.0.0 <=2.8.0)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-55552 Source advisory: OSV:PYSEC-2025-204...
MAL-2025-191892 Malicious code in terminalcolornew (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5a555882888b9895fbe7575cc6121cad44600e17fb64d7551cacc33b29f2ae9f If used, the code attempts to take a photo using the computer's camera and exfiltrates it --- Category: MALICIOUS - The campaign has clearly malicious intent,...
MAL-2025-191806 Malicious code in onnxruntime-winml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5566aa4ecc644b36e90902092563c05e1852d751381539398f2307ae1fbefae6 Package is just calling home and there is no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything th...
Malicious code in onnxruntime-winml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5566aa4ecc644b36e90902092563c05e1852d751381539398f2307ae1fbefae6 Package is just calling home and there is no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything th...
Malicious code in private-evolution (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0fcdd3ad61af1881ab9e5e8b9fb871a0e142868c0be585594fcd32b5f069f6c Package is just calling home and there is no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything th...
GHSA-VXMW-7H4F-HQXH PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps
Summary gh-action-pypi-publish makes use of GitHub Actions expression expansions i.e. $ ... in contexts that are potentially attacker controllable. Depending on the trigger used to invoke gh-action-pypi-publish, this may allow an attacker to execute arbitrary code within the context of a workflow...
MAL-2025-47782 Malicious code in learning-pypi-demo-nisimi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0b3a0d62b36ae3a2e643a327b7cf5b88366d4a8a89381eca570f34c453f1eaf4 Installing packages exfiltrates data different in different packages and versions or run revshells --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in learning-pypi-demo-nisimi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0b3a0d62b36ae3a2e643a327b7cf5b88366d4a8a89381eca570f34c453f1eaf4 Installing packages exfiltrates data different in different packages and versions or run revshells --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-41774 Malicious code in testcase100 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41767 Malicious code in spykes (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41763 Malicious code in some-other-package (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41748 Malicious code in reversepkg (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Linux Distros Unpatched Vulnerability : CVE-2020-13328
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files AP...
Malicious code in xx-ent-wiki-sm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5ebf0745c51c955dbe898efb0f6b721f30dd75edc24b4ee234e8574cee3da9d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191651 Malicious code in my-first-pypi-demo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f789a8192ed7a62a0fa9327e495ac8ca2658ff556673ca8d207f7954204ec160 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in hashstation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c4f136247c8a57eee83a1a36ee355c982d900b5f5b570a0936dc1df68db6d5f2 When using methods from the package, it downloads an obfuscated code from Github and puts it in multiple localisation. While it appears that this code is used ...
Malicious code in jsonist (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4c74a199a696dbc18994242bc3c29e9a018ddda51fa2bbe224620d9ded6f1818 Calling a method starts downloading and starting an infostealer script --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2025-47804 Malicious code in titifel-pypi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 246211906386c6795c3728d15bf42f5b9083257d1964d8dc21bcda833dd6363c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in titifel-pypi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 246211906386c6795c3728d15bf42f5b9083257d1964d8dc21bcda833dd6363c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...