106 matches found
semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin
Impact semantic-router versions 0.1.8 through 0.1.14 declare litellm=1.61.3 with no upper bound. During the window in which litellm==1.82.8 was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel. The malicious litellm==1.82....
GHSA-98X5-VQ43-VC5P semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin
Impact semantic-router versions 0.1.8 through 0.1.14 declare litellm=1.61.3 with no upper bound. During the window in which litellm==1.82.8 was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel. The malicious litellm==1.82....
Malicious code in d0rk3r-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...
Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
MAL-2026-6083 Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
MAL-2026-5878 Malicious code in cache-compat-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70fc75889476bd737b302c856fb1d2da1b263a93786bc27fed3978c3eb0584cd The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
MAL-2026-5338 Malicious code in solana-web3-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...
MAL-2026-5305 Malicious code in tlask (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae87e0c65760999b8ff4e28d11505b15a71a1a46dd8d761122e3d9d8e2cd85b6 The package is published as 'tlask', a single-character edit of the widely used 'flask' package on PyPI. Metadata and module contents are copied...
Malicious code in rsquests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2041887c315474d0722cbf717e189ec1260e209c5f00da5ca3a52a60c6aebb2 The package name rsquests is a single-character insertion typo of the top-100 PyPI package requests. Package metadata and source are a verbatim copy ...
MAL-2026-5304 Malicious code in rsquests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2041887c315474d0722cbf717e189ec1260e209c5f00da5ca3a52a60c6aebb2 The package name rsquests is a single-character insertion typo of the top-100 PyPI package requests. Package metadata and source are a verbatim copy ...
Malicious code in phenopacket-store-toolkit (PyPI)
The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...
Malicious code in uprobe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82230ac4ef4464e9696491bf25cfabbd5cff78ab2256f4aa1a0d5ad7456218a8 The package installs uprobe-setup.pth, which Python auto-loads at every interpreter startup in any environment where the wheel is present. The.pth...
Malicious code in orchestr8-platform (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in okite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc7d54b0e30e24367551e3f19ab7387cf397cf9e1b5889c9f04ff871c771c38 The package installs okite-setup.pth, which Python auto-loads on every interpreter start. The.pth file contains a one-line obfuscated exec of a strin...
Malicious code in cmd2func (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 055d480cc069717b82f618e12d453e7d8dc7d2e83bf77ae25ae23f71e73a1d1a The package installs cmd2func-setup.pth, a.pth file that Python auto-loads at every interpreter start. The single-line payload uses the.pth...
Malicious code in ensmallen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a05cd4ff9f8142405c5672f1ffa54d575165f6bc2b0f5324c9bfacf75e651de8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in langchain-core-mcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd42d83950d8d8fc559905eed104af38cd6c8aef683b96778f0b8d778dd6bd5a Package langchain-core-mcp impersonates the legitimate langchain-core publisher: METADATA sets Project-URL Repository to...
Malicious code in ufish (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in magique-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4241e99d1053712e6909db44c939421695dff66556055a93058f9a55f8694929 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...