Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

ROOT-APP-PYPI-CVE-2026-28802 CVE-2026-28802 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28802 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2022-31777 CVE-2022-31777 in rootio-pyspark - Patched by Root

Root has patched CVE-2022-31777 in the rootio-pyspark package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2024-49767 CVE-2024-49767 in rootio-Werkzeug - Patched by Root

Root has patched CVE-2024-49767 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-22702 CVE-2026-22702 in rootio-virtualenv - Patched by Root

Root has patched CVE-2026-22702 in the rootio-virtualenv package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-21860 CVE-2026-21860 in rootio-Werkzeug - Patched by Root

Root has patched CVE-2026-21860 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2024-5569 CVE-2024-5569 in rootio-zipp - Patched by Root

Root has patched CVE-2024-5569 in the rootio-zipp package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2022-40897 CVE-2022-40897 in rootio-setuptools - Patched by Root

Root has patched CVE-2022-40897 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-69277 CVE-2025-69277 in rootio-PyNaCl - Patched by Root

Root has patched CVE-2025-69277 in the rootio-PyNaCl package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root

Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root

Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-67221 CVE-2025-67221 in rootio-orjson - Patched by Root

Root has patched CVE-2025-67221 in the rootio-orjson package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-4565 CVE-2025-4565 in rootio-protobuf - Patched by Root

Root has patched CVE-2025-4565 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...

Malicious code in tronlabpy3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71fd394fee5be8e6fe09e8fff0c645dfc2bd164506a85c077d76642c9ec86ba6 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Malicious code in fia-signals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b61c6fe7ba81fd99de703bc1c00e0a93b2809363abfbf12b79fd9905830f2b54 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

ROOT-APP-PYPI-CVE-2025-34291 CVE-2025-34291 in rootio-langflow - Patched by Root

Root has patched CVE-2025-34291 in the rootio-langflow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-41066 CVE-2026-41066 in rootio-lxml - Patched by Root

Root has patched CVE-2026-41066 in the rootio-lxml package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-GHSA-747P-WMPV-9C78 GHSA-747p-wmpv-9c78 in rootio-awscli - Patched by Root

Root has patched GHSA-747p-wmpv-9c78 in the rootio-awscli package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-34110 CVE-2023-34110 in rootio-Flask-AppBuilder - Patched by Root

Root has patched CVE-2023-34110 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...