114 matches found
PyFEX: Uncovering Evasive Python-Based Threats Via Resilient and Exhaustive Path Exploration
The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index PyPI, while also building evasive, cross-platform malicious binaries compiled from source code written in Python...
Malicious code in rostilesolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
CVE-2026-3479
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...
OESA-2026-1443 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/etc/bash_completion.d}) Name: python-pip Version: 23.3.1 Release: 6 Summary: A...
MAL-2026-505 Malicious code in flask-hookserver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5afd1538994efa55632d3ed6d7c9fa419fb26c542b641a3efbd7b35501ea58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Wheel security vulnerabilities
“wheel” is a command-line tool open-sourced by Python Packaging Authority. Versions of “wheel” prior to 0.46.1 contain security vulnerabilities. These vulnerabilities stem from the error handling of file permissions by the decompression function after extracting files, which may lead to privilege...
0x20bf (=0.0.1), 31 (=2.3.0) +4167 more potentially affected by CVE-2026-22701 via filelock (>=3.0.10 <=3.20.2)
filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2026-22701 Source advisory: SNYK:PYTHON-FILELOCK-14912448...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14929 via transformers (>=4.0.0 <=4.57.6)
transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14929 Source advisory:...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools Vulnerability Details CVEID: CVE-2024-6345 DESCRIPTION: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...
Malicious code in humunculous591014 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c11577c61879e85aacda7ebb86fc8450c95b08a151e6a058b5ccbec46616c42d Package imitates Roblox API wrapper, but the only action is getting the public IP, suggesting it's a security research or malicious attempt --- Category:...
EUVD-2022-54059
Malicious code in bioql PyPI...
EUVD-2022-54447
Malicious code in bioql PyPI...
EUVD-2023-28423
Malicious code in bioql PyPI...
EUVD-2025-29938
Malicious code in bioql PyPI...
EUVD-2022-53945
Malicious code in bioql PyPI...
EUVD-2022-0364
Malicious code in bioql PyPI...
EUVD-2025-30194
Malicious code in bioql PyPI...
OESA-2025-2339 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/etc/bash_completion.d}) Name: python-pip Version: 23.3.1 Release: 5 Summary: A...
pip security vulnerability
pip is a Python package installer open-sourced by the Python Packaging Authority. A security vulnerability exists in pip that stems from a failure to check whether symbolic links point to extracted directories, which could lead to a path traversal attack...
[SECURITY] Fedora 42 Update: python-pip-24.3.1-5.fc42
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...