Malicious code in glass-of-water (PyPI)
Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...
admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4277 via django (>=4.2.0 <=4.2.3)
django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4277 Source advisory: OSV:PYSEC-2026-52...
Malicious code in batch-shipyard (PyPI)
Source: kam193 83ca35f9b1e5fc77913037dde16ad175609dddc219e613c9dae7f752b112568f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +1 more potentially affected by CVE-2026-4229 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4229 Source advisory: SNYK:PYTHON-VANNA-15674521...
aiodatalayer (>=1.0.0 <=2.3.1), aiotieba-reviewer (>=0.5.0 <=0.6.2) +65 more potentially affected by CVE-2025-65896 via asyncmy (>=0.2.10 <=0.2.9)
asyncmy PYPI version =0.2.10, =1.0.0, =0.5.0, =1.0.8, =2.0.9, =1.0.8, =0.1.0, =1.0.0, =1.3.9, =0.1.1, =0.1.0, =0.2.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3 and more Source cves: CVE-2025-65896 Source advisory: SNYK:PYTHON-ASYNCMY-14185104...
EUVD-2022-0052
Malicious code in bioql PyPI...
EUVD-2022-0133
Malicious code in bioql PyPI...
EUVD-2022-0062
Malicious code in bioql PyPI...
EUVD-2022-0371
Malicious code in bioql PyPI...
EUVD-2022-0058
Malicious code in bioql PyPI...
decima2 (>=0.1.0 <=0.2.1), gpbench (>=1.0.3 <=1.2.2) +8 more potentially affected by CVE-2025-8747 via keras (>=3.0.0 <=3.10.0)
keras PYPI version =3.0.0, =0.1.0, =1.0.3, =0.0.28, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.0.0, =1.1.0 Source cves: CVE-2025-8747 Source advisory: SNYK:PYTHON-KERAS-11775502...
Malicious code in runway-python (PyPI)
Source: kam193 ab69fc94c1b9d37312b22a4c970856a3b27f84b4f7e957ff2771a2244a527264 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2022-40806
The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
CVE-2022-42040
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
python311-mechanize-0.4.10-1.4 on GA media (moderate)
python311-mechanize-0.4.10-1.4 on GA media Announcement ID: openSUSE-SU-2025:15098-1 Rating: moderate Cross-References: CVE-2021-32837 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
python311-aiohttp-3.11.16-1.1 on GA media (moderate)
python311-aiohttp-3.11.16-1.1 on GA media Announcement ID: openSUSE-SU-2025:14998-1 Rating: moderate Cross-References: CVE-2024-12254 CVSS scores: CVE-2024-12254 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-12254 SUSE : 8.7...
RHEL 8 : python-jinja2 (RHSA-2025:2612)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:2612 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
OPENSUSE-SU-2025:14759-1 python312-3.12.9-1.1 on GA media
These are all security issues fixed in the python312-3.12.9-1.1 package on the GA media of openSUSE Tumbleweed...
acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)
snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: OSV:PYSEC-2025-27...
Fedora: Security Advisory (FEDORA-2024-5ea38dfb80)
The remote host is missing an update for the...