Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 5 days ago7 views

Malicious code in django-auth-middleware-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf58978ba5eec5220b4b4d85966efff31d31d164ff103f98dfd627381e061ec On import, djangoauthmiddlewareplus/init.py spawns a daemon thread that POSTs a JSON payload containing the host's hostname, username, cwd, environme...

5.9AI score
Exploits0References2
OSV
OSVadded last week6 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/28 12:0 a.m.9 views

Malicious code in @mlspace/env-jupyter-server (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/01 8:28 p.m.6 views

Malicious code in tns-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 186bfba0931ba063bd6e71325785b97c646cbfaaf91c4dca876653673d29c0cc Package is prepared to exfiltrate environmental variables. The wording used clearly states it's part of a campaign targeting cryptocurrency users via malicious...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/03/02 6:49 p.m.10 views

Malicious code in amigapythonupdater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46cf32631436ddacf36a4984b254c10554b4e94c6099c5012a96ec3a7c5426a1 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

6.2AI score
Exploits0References1
OSV
OSVadded 2025/05/10 5:59 p.m.3 views

MAL-2025-191845 Malicious code in python3-shodan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b4fca245262ff8de532efc88e1941697e6994786e09eca8a9cbcdbf9faff5cca Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

8AI score
Exploits0References2
Rows per page
Query Builder