cafe-release (=0.1.3), cellist (>=1.0.0 <=1.1.1) +5 more potentially affected by unknown CVE via dynamo-release (>=1.4.0 <=1.5.3)

dynamo-release PYPI version =1.4.0, =1.0.0, =0.1.7, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DYNAMORELEASE-17220136...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

Malicious code in dynamo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-44345 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-44345 Source advisory: SNYK:PYTHON-BENTOML-16642321...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-35044 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-35044 Source advisory: OSV:GHSA-V959-CWQ9-7HR6...

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-35043 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-35043 Source advisory: SNYK:PYTHON-BENTOML-15909743...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-27905 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-27905 Source advisory: OSV:GHSA-M6W7-QV66-G3MF...

CVE-2026-27695

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...

Allocation of Resources Without Limits or Throttling

Overview zae-limiter is a Rate limiting library backed by DynamoDB with token bucket algorithm Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the acquire function. An attacker can cause elevated latency and rejected requests for...

CVE-2026-25814

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

CVE-2026-25814

PlaciPy (educational placement system) 1.0.0 is affected by a NoSQL injection risk: user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization. This vulnerability enables tampering with queries, potentially compromising confiden...

CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

PlaciPy 注入漏洞

PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and managers in educational institutions. Version 1.0.0 of PlaciPy contains a vulnerability that stems from unvalidated or unchecked...

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-24123 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-24123 Source advisory: SNYK:PYTHON-BENTOML-15123972...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-24123 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-24123 Source advisory: OSV:GHSA-6R62-W2Q3-48HF...

aws-secretsmanager-cache (=0.5.0), dynamo-es (=0.4.5) +1 more potentially affected by unknown CVE via aws-sdk-config (>=0.17.0 <=0.26.0)

aws-sdk-config CARGO version =0.17.0, =0.1.0, =0.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

serde_dynamo (>=3.0.1 <=4.2.8) potentially affected by unknown CVE via aws-sdk-dynamodbstreams (>=0.10.1 <=0.9.0)

aws-sdk-dynamodbstreams CARGO version =0.10.1, =3.0.1, =4.2.8 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

EUVD-2025-179230

Malicious code in dynamo-ganymede-init-sequelize npm...

EUVD-2025-180450

Malicious code in alphard-dynamo-antares-meteor npm...

Malicious code in procyon-json-dynamo-neutrino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2e07823e5cce346b257d22926e479c2d0a207460567f6726c84336674fe59f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...