MAL-2026-2173 Malicious code in aristanetworks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 734e78214abbde694d6041663ec7e34bb9f31c9265856540de7a1c0a8ffe5e33 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2179 Malicious code in python-glue (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 df7fb99f81d8afd1a93e643a95ebb6d2a873e73b15ae8c6fada22746ccf7037f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in torchunmix (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bee332cb141dec3033a9c1590cfb3df81e7dfa66dd4a4ce0072ccc92f9301891 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2150 Malicious code in snooty (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f8ab89ca752c54d473b700a5521cb00a7d1d54a50debaa5be8be438c778a5f6b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2149 Malicious code in sentry-filter-forks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed033104f960de0ad156fa893787d61423bed78d98f2b8fcf77860bf9a493900 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2147 Malicious code in mattermost-airflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 667be9d0c5eaea7acdf1c2593165304280ef7b67bfbf4d8c0f36065836fe834c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in databricks-clean-room-orchestrator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in roboat-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 869ea4b94181bc5ef23562a4d749b462fb7079112cca74072ee9036fb397921f During installation, a malicious executable is downloaded and run. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Malicious code in roboated (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9f3bba9c27e61fbe6934c9d130ada39dd87f7b7c376fe33609be1ecbaf96e2 During installation, a malicious remote executable is downloaded and run --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2026-2143 Malicious code in roboated (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9f3bba9c27e61fbe6934c9d130ada39dd87f7b7c376fe33609be1ecbaf96e2 During installation, a malicious remote executable is downloaded and run --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2026-2140 Malicious code in coreloader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d7c219be7c779fe573e80949a521df2a096e7358be92f99cee6a50dd252e09 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...

PYSEC-2026-2 Two litellm versions published containing credential harvesting malware

After an API Token exposure from an exploited Trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. The malicious code runs during importing any module from the...

Two litellm versions published containing credential harvesting malware

After an API Token exposure from an exploited Trivy dependency,two new releases of litellm were uploaded to PyPI containing automatically activated malware,harvesting sensitive credentials and files, and exfiltrating to a remote API.The malicious code runs during importing any module from the...

Malicious code in rocketpill (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-2401 Malicious code in rocketpill (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flycalc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-2399 Malicious code in flycalc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

MAL-2026-2201 Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

Malicious code in litellm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6a89401cbf53902e8374fbf3b424a77bb5e5f8c437176232eab7c3237d10ecbe LiteLLM was compromised through trivy security scan in a GitHub workflow. Attackers uploaded malicious versions of LiteLLM to PyPI. The...