4 matches found
Malicious Package
Overview credential-verification-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2025-101311 Malicious code in delicious_cricket-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c844b7bb9a7b8543413bd39ad20aab37c40893ffb079b4efc22c9bb1151d6198 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PYSEC-2025-153
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...
CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...