Malicious code in ggfmttygl-new (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2098233a75602dd1779f720f566420f4a88ec77694b206e7858323b5aeea38d5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...

MAL-2026-2307 Malicious code in axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...

Malicious code in ethrpc-keys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f086c363123d21b52dc28b5a642db6c1eb84e01dc519995435476b19655d63a9 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...

Malicious code in platforms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 152f27ebcd7a8c662ffcbfe69086e0a50e71f73993bc7d97ce3bb67896c8a4dc During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

MAL-2025-141588 Malicious code in dependencies-venus-install-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2229483646722536d85ff104226a170ef6e531b8eeef988858eb5722a8adb0fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-191693 Malicious code in bprinter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60e98383c92d7a5641f3cf793495e55df40673a30bc462affc499d56cdd47e56 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

CVE-2019-11065

A flaw was discovered in Gradle, where it uses an insecure HTTP URL to download dependencies. This flaw causes dependency artifacts to be maliciously compromised by a Man-in-the-middleMITM attack...