13252 matches found
MAL-2026-1893 Malicious code in aitrade (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in rowrap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 606ce541a3ef4a98e4e1639e96c6431e7ec83be6f987c640a63c03991eae4f6e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...
Malicious code in aniresolve (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c29943544c9e6ba7e0a3075c393fa1fa89673c99b73634c0263ef164e52ac306 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
CVE-2026-32981
A path traversal flaw has been identified in Ray Dashboard in the Ray Pypi package. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the intended static directory,...
Malicious code in anistream (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
MAL-2026-1499 Malicious code in anistream (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
MAL-2026-1498 Malicious code in telegramdatas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 742799f83f7140514aa9a55c3f3efb5142ab1eaef68317a40e23a8f261e22b71 During import, an infostealer embedded as package resource is started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in robloxapi-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...
Malicious code in robloxapi-testy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...
Malicious code in color-list (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 86ffbba2d1825f76d4c2baa6a8b7ecbe85514239934a3d7903745d17d4baf704 Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...
MAL-2026-1479 Malicious code in color-list (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 86ffbba2d1825f76d4c2baa6a8b7ecbe85514239934a3d7903745d17d4baf704 Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...
Malicious code in codeshouhu (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c This package runs a malicious payload when it is imported...
MAL-2026-1488 Malicious code in codeshouhu (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c This package runs a malicious payload when it is imported...
a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1514 more potentially affected by CVE-2026-27448 via pyopenssl (>=0.14.0 <=25.3.0)
pyopenssl PYPI version =0.14.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.2, =2.8.1, =0.4.0, =0.2.0, =0.3.4 and more Source cves: CVE-2026-27448 Source advisory: SNYK:PYTHON-PYOPENSSL-15674458...
akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)
simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:PYSEC-2026-132...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4229 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4229 Source advisory: SNYK:PYTHON-VANNA-15674521...
Fedora 43 : python3.6 (2026-8ba3403ff7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ba3403ff7 advisory. Security fix for CVE-2025-12084 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SUSE: Security Advisory (SUSE-SU-2026:0891-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2026:0873-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2026:10377-1 python312-3.12.13-2.1 on GA media
These are all security issues fixed in the python312-3.12.13-2.1 package on the GA media of openSUSE Tumbleweed...