MAL-2026-2310 Malicious code in lakeflow-community-connectors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 931d6183e0dc407fb2c14769dcebb7d1845f4af9ca0b26766d75d783b5611165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in zzzzthisisitwantsafecheckitzzzz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbef17827bf88f06c2278d700e386c98e2f1360fd533ba1415c9060ff56a037f During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...

MAL-2026-2309 Malicious code in zzzzthisisitwantsafecheckitzzzz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbef17827bf88f06c2278d700e386c98e2f1360fd533ba1415c9060ff56a037f During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...

Malicious code in databaseroboats (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

GHSA-955R-262C-33JC Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2

Summary On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...

agentic-ai-vass-tools (>=0.1.0 <=0.4.0), agenticos (>=0.0.1 <=0.0.3.155020) +24 more potentially affected by CVE-2026-2285 via crewai-tools (>=0.12.1 <=1.11.0)

crewai-tools PYPI version =0.12.1, =0.1.0, =0.0.1, =0.2.0, =0.1.7, =0.2.6, =0.1.0, =0.5.42, =0.74.0, =0.0.6, =0.0.2, =0.1.0.dev7, =0.1.1.dev6 and more Source cves: CVE-2026-2285 Source advisory: SNYK:PYTHON-CREWAITOOLS-15922426...

Malicious code in spanner-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 659a15d63f794432104121cf729687768f76fa3dadd0b4ae9d8c9327021122af Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2304 Malicious code in spanner-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 659a15d63f794432104121cf729687768f76fa3dadd0b4ae9d8c9327021122af Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in prodaccess (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71f3b91c61448eb2dee3cfb46f56b4e38dab0202af78c52163d5b6ab98e85c2d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in dremel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2301 Malicious code in dremel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in loas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0177c14c2fb08f69729838152272244428733a8e3682c3cbdc6780ea2fab6e38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2302 Malicious code in loas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0177c14c2fb08f69729838152272244428733a8e3682c3cbdc6780ea2fab6e38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

SUSE: Security Advisory (SUSE-SU-2026:1076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:1090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-5239-WWWM-4PMQ vulnerabilities

Vulnerabilities for packages: text-generation-inference, litellm, datadog-agent, nemo, datahub-ingestion-fips, ggshield, kserve, tritonserver-backend-vllm-cuda-12.9, py3.14-pygments, mycli, py3-pygments, ansible-operator-fips, opal, request-1276, dask-kubernetes, datahub-ingestion, airflow,...

Malicious code in hiveos (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 632c5c53f72df87d7b0d9843df212e147e729699ffe5e7f6c20e3cd41fa13f64 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +23 more potentially affected by unknown CVE via opencc (>=0.2.0 <=1.1.9)

opencc PYPI version =0.2.0, =0.3.0, =0.8.0, =0.1.0, =1.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.8 - nemo-curator =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-7FQQ-Q52P-2JJG...

MAL-2026-2291 Malicious code in pychatz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adc76f6c0051f3b8b31b378b6b6078e553750338e2489de9de83315bea349657 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2292 Malicious code in safecheckit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 84f17b127af2c89551ea0059e4741da3fb5158405fbeabf042f7d5d89a098b21 During installation the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly...