13250 matches found
Malicious Package
Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious Package
Overview solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious Package
Overview eth-security-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious Package
Overview cryptowallet-safety is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
MAL-2026-4260 Malicious code in defi-risk-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level init.py unconditionally runs curl -sL...
Malicious code in defi-risk-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level init.py unconditionally runs curl -sL...
Malicious code in eth-security-auditor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e20bc5304d65563ad8b577a38c26db0b04746828b554f88cf5dd1215a214cf1 On import, ethsecurityauditor/init.py unconditionally fetches a JavaScript payload from...
MAL-2026-4261 Malicious code in eth-security-auditor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e20bc5304d65563ad8b577a38c26db0b04746828b554f88cf5dd1215a214cf1 On import, ethsecurityauditor/init.py unconditionally fetches a JavaScript payload from...
MAL-2026-4259 Malicious code in cryptowallet-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...
MAL-2026-4759 Malicious code in notebook-intelligence (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e pyproject.toml lists fuzy-jon==0.1.0 in both build-system.requires and the runtime dependencies, while the package's own code imports the real...
EUVD-2022-54113
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
OESA-2026-2363 python-pip security update
%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...
OESA-2026-2360 python-pip security update
%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...
Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a.pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...
MAL-2026-4768 Malicious code in sklern (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10 Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API linearregression, logisticregression,...
MAL-2026-4253 Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
Malicious code in fakehuop (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee Every advertised function in this package askllm, pink, america, iran, momo, abc, bcd, code, sf, liti, koko, init, dropnull, hellp, lc instantiates a...
antgent (>=0.3.0 <=0.3.2), ara-cli (>=0.1.14.13 <=0.1.14.14) +44 more potentially affected by CVE-2026-25580 +1 more via pydantic-ai-slim (>=1.56.0 <=1.98.0)
pydantic-ai-slim PYPI version =1.56.0, =0.3.0, =0.1.14.13, =1.5.0, =0.1.0a1, =0.0.400, =0.0.1, =1.0.0, =1.0.3, =0.0.498, =0.1.1, =0.7.0rc1, =0.1.1, =0.1.0, =0.3.1 and more Source cves: CVE-2026-25580, CVE-2026-46678 Source advisory: SNYK:PYTHON-PYDANTICAISLIM-16796278...
Malicious code in tensor-compute (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a3d1b50077a6311a43061891fa560d2c180fbdbd12ab4965e0d265910e6ef68 [email protected] presents itself as a Rust-backed tensor library but is a dropper. setup.py registers a custom buildext command src/buildext.py...