22 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-10909

Malicious code in bioql PyPI...

6.5 CVSS · 6.4 AI score · 0.00191 EPSS
Exploits 0 · References 6
OSSF Malicious Packages
added 2025/05/21 4:48 a.m. · 2 views

Malicious code in biggy-deezer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd10df9c64d337296146770abec6dffd39f38b2ef00323b91816164b3e24f9a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2025/05/21 4:48 a.m. · 1 views

MAL-2025-4062 Malicious code in biggy-deezer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd10df9c64d337296146770abec6dffd39f38b2ef00323b91816164b3e24f9a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/04/17 8:14 p.m. · 10 views

CVE-2025-32439

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

6.5 CVSS · 6.7 AI score · 0.00191 EPSS
Exploits 0 · References 1
NVD
added 2025/04/15 8:15 p.m. · 7 views

CVE-2025-32439

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

6.5 CVSS · 0.00191 EPSS
Exploits 0 · References 1
CVE
added 2025/04/15 7:27 p.m. · 51 views

CVE-2025-32439

CVE-2025-32439 affects pleezer prior to version 0.16.0. Root cause: hook scripts are spawned without proper child process cleanup, causing zombie processes to accumulate with each track change and playback event. This can lead to resource exhaustion as the system process table fills, potentially ...

6.5 CVSS · 6.5 AI score · 0.00191 EPSS
Exploits 0 · References 1
OSV
added 2025/04/15 7:27 p.m. · 3 views

CVE-2025-32439 pleezer allows resource exhaustion through uncollected hook script processes

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

6.5 CVSS · 6.6 AI score · 0.00191 EPSS
Exploits 0 · References 3
CNNVD
added 2025/04/15 12:0 a.m. · 1 views

pleezer security vulnerability

pleezer is a Deezer Connect player by the individual developer Roderick van Domburg. A security vulnerability exists in versions of pleezer prior to 0.16.0, which stems from a hook script that does not properly clean up processes, potentially leading to the accumulation of zombie processes...

6.5 CVSS · 6.4 AI score · 0.00191 EPSS
Exploits 0 · References 1
OSV
added 2025/02/26 9:31 p.m. · 9 views

PYSEC-2025-4 When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

7 AI score
Exploits 0 · References 2
OSV
added 2025/02/26 9:31 p.m. · 6 views

PYSEC-2025-5 Exfiltrates user cookies to hardcoded server endpoint during normal operations

Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

7 AI score
Exploits 0 · References 2
OSV
added 2025/02/26 9:31 p.m. · 4 views

PYSEC-2025-3 When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

7 AI score
Exploits 0 · References 1
PyPA
added 2025/02/26 8:57 p.m. · 8 views

Exfiltrates user cookies to hardcoded server endpoint during normal operations

Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

6.7 AI score
Exploits 0 · References 2 · Affected Software 1
PyPA
added 2025/02/26 8:54 p.m. · 6 views

When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

6.7 AI score
Exploits 0 · References 1 · Affected Software 1
PyPA
added 2025/02/26 7:26 p.m. · 7 views

When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

6.7 AI score
Exploits 0 · References 2 · Affected Software 1
The Hacker News
added 2025/02/26 10:40 a.m. · 13 views

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index PyPI repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First publish...

7 AI score
Exploits 0
Positive Technologies
added 2025/02/26 12:0 a.m. · 1 views

PT-2025-8755 · Automslc · Automslc

Name of the Vulnerable Software and Affected Versions: automslc affected versions not specified Description: The automslc package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...

6.8 AI score
Exploits 0 · References 3
Positive Technologies
added 2025/02/26 12:0 a.m. · 2 views

PT-2025-8756 · Autodzee · Autodzee

Name of the Vulnerable Software and Affected Versions: autodzee affected versions not specified Description: The autodzee package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...

6.8 AI score
Exploits 0 · References 3
Positive Technologies
added 2025/02/26 12:0 a.m. · 2 views

PT-2025-8754 · Autodzee · Autodzee

Name of the Vulnerable Software and Affected Versions: autodzee affected versions not specified Description: The autodzee package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...

6.8 AI score
Exploits 0 · References 2
vulnersOsv
added 2023/09/25 5:33 p.m. · 1 views

africanwhisper (>=0.2.8 <=0.9.0), agentx-tools (>=0.2.0 <=0.7.1) +74 more potentially affected by CVE-2023-40581 +1 more via yt-dlp (>=2021.9.2 <=2023.7.6)

yt-dlp PYPI version =2021.9.2, =0.2.8, =0.2.0, =2023.3.3, =0.1.0, =0.3.0, =0.0.4, =1.4.0, =0.1.0, =1.0.2, =2.0.0a1, =11.7.1, =2.3.10, =3.0.1 and more Source cves: CVE-2023-40581, CVE-2024-22423 Source advisory: OSV:GHSA-42H4-V29R-42QG...

9.8 CVSS · 7.3 AI score · 0.12983 EPSS
Exploits 2
hackapp
added 2017/06/20 6:52 p.m. · 41 views

Deezer: Music & Song Streaming - Base64 encoded String, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Deezer: Music & Song Streaming published at the 'play' market has multiple vulnerabilities...

0.9 AI score
Exploits 0 · References 1 · Affected Software 1