Lucene search
K

13257 matches found

OSV
OSV
added 6 hours ago9 views

ROOT-APP-PYPI-CVE-2026-34993 CVE-2026-34993 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34993 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

7.3CVSS7.8AI score0.00128EPSS
Exploits0
OSV
OSV
added 9 hours ago7 views

ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root

Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01038EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in tdata-grabber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...

5.8AI score
Exploits0References2
OSV
OSV
added 3 days ago7 views

MAL-2026-6560 Malicious code in tdata-grabber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
OSV
OSV
added 5 days ago3 views

PYSEC-2026-235 Malicious code in ppkt2synergy (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of ppkt2synergy were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials an...

5.8AI score
Exploits0References3
OSV
OSV
added 5 days ago3 views

PYSEC-2026-234 Malicious code in phenopacket-store-toolkit (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of phenopacket-store-toolkit were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates...

5.8AI score
Exploits0References3
OSV
OSV
added 5 days ago4 views

MAL-2026-6504 Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

6.5AI score
Exploits0References7
OSV
OSV
added 6 days ago3 views

PYSEC-2026-233 Malicious code in gpsea (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of gpsea were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/24 2:1 p.m.3 views

PYSEC-2026-232 Malicious code in ensmallen (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of ensmallen were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/24 8:9 a.m.5 views

ROOT-APP-PYPI-CVE-2026-24049 CVE-2026-24049 in rootio-wheel - Patched by Root

Root has patched CVE-2026-24049 in the rootio-wheel package for Root:PyPI. Multiple fixed versions available...

7.1CVSS5.4AI score0.00311EPSS
Exploits2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.5 views

Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:40 a.m.6 views

Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/23 3:42 p.m.11 views

ROOT-APP-PYPI-CVE-2026-21860 CVE-2026-21860 in rootio-Werkzeug - Patched by Root

Root has patched CVE-2026-21860 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00424EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:7 p.m.7 views

Malicious code in toorc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d On pip install and even pip download, the package's setup.py overrides the install and egginfo commands to execute a RunCommand routine that serializ...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:7 p.m.7 views

MAL-2026-6289 Malicious code in equest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe07e7f1e241dde491d3d6f5553ed2247a6f8e1dfdf34b0eaa9943a2cba5094 The package name equest is a one-character deletion of the widely-used requests package and ships no functional library code. setup.py registers cust...

6.6AI score
Exploits0References2
OSV
OSV
added 2026/06/23 9:47 a.m.12 views

ROOT-APP-PYPI-CVE-2025-66471 CVE-2025-66471 in rootio-urllib3 - Patched by Root

Root has patched CVE-2025-66471 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00622EPSS
Exploits0
OSV
OSV
added 2026/06/23 9:47 a.m.5 views

ROOT-APP-PYPI-CVE-2024-37891 CVE-2024-37891 in rootio-urllib3 - Patched by Root

Root has patched CVE-2024-37891 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

4.4CVSS8.3AI score0.01141EPSS
Exploits1
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

CVE-2026-9669 vulnerabilities

Vulnerabilities for packages: python...

8.2CVSS5.8AI score0.00376EPSS
Exploits0
Rows per page
Query Builder