Malicious Package

Overview graphsync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

EUVD-2025-201908

Malicious code in graphsync PyPI...

Malicious code in graphsync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dbb10327d6553750848c2b849abba1ed717438928a6cfdc148b73de73db8e9db This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...

GHSA-MCQ2-W56R-5W2W Daemon panics when processing certain blocks

Impact go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash leading to denial-of-service risks. This particularly...

Daemon panics when processing certain blocks

Impact go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash leading to denial-of-service risks. This particularly...