Lucene search
K

9 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:16 a.m.17 views

Malicious code in tiktoken-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac746100211f13951c190e98140c6948be51d7be9257b2b26bcc9baef19be29f tiktoken-mcp impersonates the OpenAI-published tiktoken package: its METADATA copies the upstream Name/Summary, Author 'Shantanu Jain', Author-email...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/08 7:53 a.m.13 views

MAL-2026-5303 Malicious code in rlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a034f9ba4356799034d728884eccecf5c53779d85280556419cda38e671a30 The package name 'rlask' is a single-character edit of the popular 'flask' package. METADATA declares 'Maintainer-email: Pallets ', and entrypoints.t...

6.1AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:49 a.m.19 views

Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34db1950ee9bdf9c75ae9bb2436085bbb443107321d8d7056a0bf3b8fae36978 The package is published as 'nhmpy' on PyPI but its contents are a verbatim copy of NumPy 2.4.6: the same source tree, docstrings, and license files...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/08 7:49 a.m.11 views

MAL-2026-5302 Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34db1950ee9bdf9c75ae9bb2436085bbb443107321d8d7056a0bf3b8fae36978 The package is published as 'nhmpy' on PyPI but its contents are a verbatim copy of NumPy 2.4.6: the same source tree, docstrings, and license files...

6.2AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.15 views

Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/06 6:13 a.m.13 views

MAL-2026-5285 Malicious code in ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/06 6:13 a.m.14 views

MAL-2026-5275 Malicious code in napari-ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9785bcfea6c0bd6ff8193d721e15b2a80e4e718e16bd8722d018703bbd0b2516 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/06 6:13 a.m.12 views

MAL-2026-5278 Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References5
OSV
OSV
added 2025/07/04 9:57 a.m.17 views

MAL-2025-191733 Malicious code in fonafx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...

7.2AI score
Exploits0References1
Rows per page
Query Builder