Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/02/06 7:37 p.m.14 views

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/06 7:37 p.m.8 views

GHSA-4F84-67CV-QRV3 A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

9.3CVSS5.8AI score
Exploits0References3
PyPA
PyPA
added 2026/01/28 9:9 p.m.16 views

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able toupload a malicious version 1.1.5.post1 of the dydx-v4-client package.This version contains a highly obfuscated multi-stage loaderthat ultimately executes malicious code on the host system.While the final payload is not visible because ...

5.8AI score
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/01/26 11:0 p.m.3 views

dydx-trading-sdk (>=0.1.1 <=0.1.5), locast (>=0.1.0 <=0.1.9) +1 more potentially affected by unknown CVE via dydx-v4-client (=1.1.6)

dydx-v4-client PYPI version =1.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on dydx-v4-client and may be impacted: - dydx-trading-sdk =0.1.1, =0.1.0, =0.1.1, =1.0.7 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DYDXV4CLIENT-15244902...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/01/26 11:0 p.m.3 views

Embedded Malicious Code

Overview dydx-v4-client is a malicious package. Versions of this package were compromised with malicious scripts in core registry files. Remediation Avoid using all malicious instances of the dydx-v4-client package. Credit: Kush Pandya...

9.8CVSS5.3AI score
Exploits0References2
Rows per page
Query Builder