CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/16 7:37 a.m.•9 views

Malicious code in datacamp-light (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 234a0d37873455b7db32068745d93ed29aafa596877b39949280b4ec0621ad6b datacamp-light 99.0.0 impersonates DataCamp's internal package name='datacamp-light', author='DataCamp',...

OSV•added 2026/06/15 5:39 p.m.•7 views

MAL-2026-5810 Malicious code in dispatch-internal-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/15 5:38 p.m.•9 views

Malicious code in gigl-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/15 5:37 p.m.•8 views

Malicious code in mlir-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/15 5:37 p.m.•6 views

MAL-2026-5818 Malicious code in mlir-aie (PyPI)

OSV•added 2026/06/15 5:37 p.m.•5 views

MAL-2026-5813 Malicious code in intel-ai-safety (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7bafa4e952ec2e2db6e164f8bf385088c38438396f02f8096c28a6105878e729 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/15 5:37 p.m.•9 views

Malicious code in sl-pgp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53bd44f0ef91bd7b2757153e06bc9a7b697aba1af30af9bc6a6ccb71d7a3012a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/15 5:37 p.m.•6 views

MAL-2026-5823 Malicious code in sl-pgp (PyPI)

OSV•added 2026/06/15 5:36 p.m.•5 views

MAL-2026-5822 Malicious code in scriptworker-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8cdfb6bd0db2d192ccd67b0ebb8023dee7343620b9a48c95cc58b5e1ee536f0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/15 9:40 a.m.•8 views

Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/14 10:9 a.m.•11 views

Malicious code in bash8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 375ef978992bd3c12f8778e62d2c6f8a105fa3a15cc508db6d8dd6043fd7507c setup.py overrides the install command with a custom InstallWithBeacon class that, on pip install, collects the installer's hostname via...

GithubExploit•added 2026/06/13 7:11 a.m.•63 views

web-vuln-scanner

Web Vulnerability Scanner Basic web application vulnerability...

5.9AI score

Exploits0

OSV•added 2026/06/12 5:49 p.m.•9 views

MAL-2026-5702 Malicious code in flexitest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/12 3:27 p.m.•5 views

MAL-2026-5698 Malicious code in nagios-xi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c11c80cc2d314460d61a649c84fd75881388470382be8183b77b362e562a5c7f On import nagiosxi, the package's init.py lines 5-8 invokes socket.gethostbyname"atlass-check.autaeqjhfowvnnmkwhxjtq8x39d8nder1.oast.fun" inside a...

6.1AI score

OSSF Malicious Packages•added 2026/06/11 12:2 p.m.•10 views

Malicious code in bibip-bip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2b153c90d83d4653660dd79a5a0935af85bd804fd98163c42995403bca240a6 pyproject.toml declares a PEP 517 build requirement that points to an arbitrary tarball hosted on webhook.site, an anonymous request-inspection /...

6.3AI score

OSSF Malicious Packages•added 2026/06/11 1:46 a.m.•7 views

Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

5.8AI score

OSV•added 2026/06/11 1:46 a.m.•9 views

MAL-2026-5545 Malicious code in acme-widget-layout-utils (PyPI)

5.8AI score

OSSF Malicious Packages•added 2026/06/10 10:38 p.m.•8 views

Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

5.7AI score

OSSF Malicious Packages•added 2026/06/10 5:21 p.m.•7 views

Malicious code in hello-dynamic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...

5.8AI score