CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 6 days ago•5 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

5.9AI score

OSV•added 2026/06/08 10:22 p.m.•7 views

MAL-2026-5338 Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

5.6AI score

Exploits0References3

OSV•added 2026/06/08 7:54 a.m.•9 views

MAL-2026-5305 Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

OSSF Malicious Packages•added 2026/06/08 7:52 a.m.•7 views

Malicious code in rsquests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b32959e10bc6b1df57d105a5e5d74cbe7b69660cb7a1e78185d3f5e0e0f07e10 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

OSV•added 2026/06/08 7:52 a.m.•9 views

MAL-2026-5304 Malicious code in rsquests (PyPI)

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•9 views

Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6b28e6bb345bcdb4726198079a56fcbbb0e73d4d2309c1927c0c8803d515232f Versions 3.3.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•10 views

Exploits0References4

Malicious code in magique-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6806267ad399a4b51411f5176e26470cccb7803dff5f0f6f1e3dca6e6c82170c Versions 0.4.4, 0.4.5 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•8 views

Malicious code in embiggen (PyPI)

The package embiggen version 0.11.97 contains a malicious .pth file embiggen-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•8 views

Malicious code in executor-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...

5.9AI score

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•6 views

Malicious code in ensmallen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f844af5d6142ffdd36c3697ff26feabb3d79b6f75e5ac403d2ade6460023e04c Versions 0.8.101 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•7 views

Exploits0References4

Malicious code in gpsea (PyPI)

The package gpsea version 0.9.14 contains a malicious .pth file gpsea-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated JavaScrip...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•6 views

Malicious code in langchain-core-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd42d83950d8d8fc559905eed104af38cd6c8aef683b96778f0b8d778dd6bd5a Package langchain-core-mcp impersonates the legitimate langchain-core publisher: METADATA sets Project-URL Repository to...

5.7AI score

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•10 views

Malicious code in cmd2func (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 055d480cc069717b82f618e12d453e7d8dc7d2e83bf77ae25ae23f71e73a1d1a The package installs cmd2func-setup.pth, a.pth file that Python auto-loads at every interpreter start. The single-line payload uses the.pth...

5.7AI score

OSV•added 2026/06/06 6:13 a.m.•10 views

MAL-2026-5285 Malicious code in ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•23 views

Malicious code in funcdesc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a5756a79331cdda67721e39889609f5c0b5e342b678dbce2de97c94ec2dbe29 The package installs funcdesc-setup.pth, which Python auto-executes at interpreter startup for any environment where this package is installed. The.p...

6.3AI score

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•12 views

Malicious code in ufish (PyPI)

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•8 views

Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...