10272 matches found
MAL-2025-943 Malicious code in lransrlasn (PyPI)
MAL-2025-924 Malicious code in fgh (PyPI)
MAL-2025-921 Malicious code in eth-web3 (PyPI)
MAL-2025-903 Malicious code in breqest (PyPI)
MAL-2025-899 Malicious code in alrsnlaseast (PyPI)
MAL-2025-898 Malicious code in account-eth (PyPI)
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any...
GHSA-GVVW-RR8M-FJ76 uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...
MAL-2025-1994 Malicious code in requesttss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 12a8bc9313963cfa671547d93bfa32236afe6b7dfeeec048633a547aa05dbc12 Clone of the requests package that modified the code to send all get and post requests to a hardcoded URL --- Category: MALICIOUS - The campaign has clearly...
MAL-2025-1989 Malicious code in reque (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8ce48406d7fce137de7e9a500179d7d6fcc5857714587372c977c5d6793cad30 Clone of the requests package that modified the code to send all get and post requests to a hardcoded URL --- Category: MALICIOUS - The campaign has clearly...
PYSEC-2025-2 uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...
uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was found ...
MAL-2025-1983 Malicious code in mlc-llm-nightly-cu123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 99d49619be0a9e2bcedb22bd4ea489b5cb31a56558e763a78fd09a6f948f2d9e Installing the package exfiltrates information about the host, including environmental variables. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-1980 Malicious code in mlc-ai-nightly (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7f1b0b9f87631941501e2d04d9eab7f1cd7232f770812e3373b736f9e682dc2a Installing the package exfiltrates information about the host, including environmental variables. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-1982 Malicious code in mlc-ai-nightly-rocm62 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d19b7d0a36e093c723972a96552235036df64fd3c5e2ba6bb85d979a4c65c00d Installing the package exfiltrates information about the host, including environmental variables. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-2942 Malicious code in awsglueml (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8a7eb55169fa28d500f750382641170b6a921f1ebca4e715a10d33b05ff78f8b This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...
MAL-2025-2940 Malicious code in aws-glue (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96424ced6ac0c4b9f671c5f7f03b4b99f7354e1eb2c48aba76f405f078a62ec6 This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...
MAL-2025-2936 Malicious code in amzn-awsglue (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d53712580b3109807a0911c66dab7e45fa9f2968c76e2f31b5f0a23d23b03373 This is a couple of packages with names appearing to be a library for an AWS or other service. Their only behaviour is to call home on installation or import -...