EUVD-2025-29494

Malicious code in bioql PyPI...

01os (=0.0.14), abogen (>=1.0.0 <=1.3.1) +594 more potentially affected by unknown CVE via num2words (>=0.5.10 <=0.5.14)

num2words PYPI version =0.5.10, =1.0.0, =0.1.0, =0.1.6, =2.0.0.post1, =0.1.1, =0.1.0, =24.10.0a8, =0.1.7, =0.2.3, =0.1.0, =0.1.1 - anki-voiced =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-6794...

Malicious code in num2words (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 36822c42f7e862f29cef9734efec9a9a9cc44a80e619e954dd25c12239d15767 The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code...

MAL-2025-6794 Malicious code in num2words (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 36822c42f7e862f29cef9734efec9a9a9cc44a80e619e954dd25c12239d15767 The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code...

num2words subjected to phishing attack, two versions published containing malware

The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...

GHSA-JXR6-QRXX-2PH2 num2words subjected to phishing attack, two versions published containing malware

The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...

01os (=0.0.14), abogen (>=1.0.0 <=1.3.1) +594 more potentially affected by unknown CVE via num2words (>=0.5.10 <=0.5.14)

num2words PYPI version =0.5.10, =1.0.0, =0.1.0, =0.1.6, =2.0.0.post1, =0.1.1, =0.1.0, =24.10.0a8, =0.1.7, =0.2.3, =0.1.0, =0.1.1 - anki-voiced =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:PYSEC-2025-72...

PYSEC-2025-72 After a successful phishing attack, new versions of `num2words` were published containing malware.

The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...

After a successful phishing attack, new versions of `num2words` were published containing malware.

The num2words project was compromised via a phishing attackand two new versions were uploaded to PyPI containing malicious code.The affected versions have been removed from PyPI,and users are advised to remove the affected versions from their environments...

Embedded Malicious Code

Overview num2words is a malicious package. A malicious actor compromised the credentials of one of the package maintainers via a phishing attack; This allowed the attacker to modify the intialization script init.py and publish tampered versions of the package to PyPI. Script Behavior The code...