agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +309 more potentially affected by CVE-2024-28088 via langchain (>=0.0.100 <=0.0.338)

langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.5, =0.0.14, =0.0.18 and more Source cves: CVE-2024-28088 Source advisory: OSV:GHSA-H59X-P739-982C...

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +400 more potentially affected by CVE-2024-28088 via langchain (>=0.0.100 <=0.1.10)

langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.8 - airda =0.0.3 and more Source cves: CVE-2024-28088 Source advisory: OSV:PYSEC-2024-43...

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +136 more potentially affected by CVE-2024-2057 via langchain-community (>=0.0.1 <=0.0.25)

langchain-community PYPI version =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.0.1, =0.0.13, =0.0.25 and more Source cves: CVE-2024-2057 Source advisory: OSV:PYSEC-2024-278...

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +154 more potentially affected by CVE-2024-27319 via onnx (>=0.2.0 <=1.15.0)

onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.0.0, =1.0.45, =1.44.0, =1.55.0 and more Source cves: CVE-2024-27319 Source advisory: OSV:GHSA-H8WV-9H96-M4HR...

a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2297 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)

cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.3.2, =0.0.1, =0.1.1, =0.1.15 and more Source cves: CVE-2024-26130 Source advisory: OSV:PYSEC-2024-225...

abilian-devtools (>=0.5.15 <=0.7.3), aiden-ai (=0.2.0) +279 more potentially affected by CVE-2024-21503 via black (>=24.10.0 <=24.2.0)

black PYPI version =24.10.0, =0.5.15, =1.1.0, =1.1.20, =0.0.6, =0.2.0, =0.1.0, =0.1.2, =0.1.9, =0.1.0, =0.3.7.dev0, =0.9.5 - aus-council-scrapers =0.1.0 - autorunner-1-0-0 =1.0.0 and more Source cves: CVE-2024-21503 Source advisory: SNYK:PYTHON-BLACK-6256273...

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

Cybersecurity researchers have discovered two malicious packages on the Python Package Index PyPI repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttpe...

ayugespidertools (>=3.4.0 <=3.9.5), baotool (=1.0.1) +7 more potentially affected by CVE-2024-1892 via scrapy (>=2.0.1 <=2.11.0)

scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-1892 Source advisory: OSV:GHSA-CC65-XXVF-F7R9...

0lever-utils (>=0.0.2 <=0.0.7), 0x-web3 (=5.0.0a5) +3044 more potentially affected by CVE-2023-50782 via cryptography (>=0.6.1 <=41.0.7)

cryptography PYPI version =0.6.1, =0.0.2, =0.1.0, =0.5.0rc5, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =1.0.0, =2.6.3, =2.3.36, =1.0.4, =2.0.0rc0 and more Source cves: CVE-2023-50782 Source advisory: OSV:GHSA-3WW4-GG4F-JR7F...

2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2024-24559 via vyper (>=0.1.0b12 <=0.4.0)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2024-24559 Source advisory: OSV:PYSEC-2024-147...

arbitragelab (>=0.9.1 <=1.0.0), buzzword (>=1.2.1 <=1.2.3) +92 more potentially affected by CVE-2024-21485 via dash (>=0.21.1 <=2.12.1)

dash PYPI version =0.21.1, =0.9.1, =1.2.1, =0.0.2a0, =0.0.1, =2020.5.21, =0.0.2, =0.0.2, =0.1.0, =0.1.3, =0.13.2, =3.0.0, =1.2.1, =0.0.107, =0.0.109 and more Source cves: CVE-2024-21485 Source advisory: OSV:PYSEC-2024-35...

PyCryptodome < 3.19.1 Side Channel Leak

The version of PyCryptodome installed on the remote host is prior to 3.19.1. It is, therefore, affected by a vulnerability. - A side-channel leakage with OAEP decryption could be exploited to carry out a Manger attack. CVE-2023-52323 Note that Nessus has not tested for this issue but has instead...

airi-test-task (=0.1.0), dtaledesktop (>=0.0.1 <=0.1.3) +13 more potentially affected by CVE-2024-21642 via dtale (>=2.16.0 <=3.22.0)

dtale PYPI version =2.16.0, =0.0.1, =0.1.0, =0.0.0.35, =0.1.1, =0.0.14, =0.0.5, =0.0.10, =1.0.0, =0.3.3, =0.1.0, =0.1.5 Source cves: CVE-2024-21642 Source advisory: OSV:GHSA-7HFX-H3J3-RWQ4...

3m (=0.1.0), accord-nlp (>=0.1.0 <=0.1.8) +809 more potentially affected by CVE-2023-6730 via transformers (>=2.10.0 <=4.35.2)

transformers PYPI version =2.10.0, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.0.4, =0.0.4, =0.0.11, =0.0.13, =0.0.15, =1.2.3, =1.3.106 and more Source cves: CVE-2023-6730 Source advisory: OSV:PYSEC-2023-300...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6940 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6940 Source advisory: OSV:GHSA-HVC6-42VF-JHF8...

2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-46247 via vyper (>=0.1.0b12 <=0.3.7)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-46247 Source advisory: OSV:PYSEC-2023-307...

casper7-plugin-meatball-day (>=0.1.0 <=0.4.2), piccolo-admin (>=0.3.1 <=0.4.0) +4 more potentially affected by CVE-2023-47128 via piccolo (>=0.74.4 <=0.96.0)

piccolo PYPI version =0.74.4, =0.1.0, =0.3.1, =0.2.0, =0.3.8, =0.0.22, =0.1.0, =0.1.6 Source cves: CVE-2023-47128 Source advisory: OSV:GHSA-XQ59-7JF3-RJC6...

BlazeStealer Malware Uncovered in Python Packages on PyPI

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Python Package Index PyPI repository is infiltrated with number of malicious python packages. These packages masquerade as obfuscation tools, however they harbor BlazeStealer malware, which initiates a...

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.16 and more Source cves: CVE-2023-46446 Source advisory: OSV:GHSA-C35Q-FFPF-5QPM...

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including o...