20 matches found
EUVD-2023-0201
Malicious code in bioql PyPI...
Malicious code in pipreqs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94775693df8241bc82973cceb421a0a3263d044d7a810c724173c0b4ada361bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4863 Malicious code in pipreqs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94775693df8241bc82973cceb421a0a3263d044d7a810c724173c0b4ada361bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
OPENSUSE-SU-2024:13041-1 python310-pipreqs-0.4.13-1.1 on GA media
These are all security issues fixed in the python310-pipreqs-0.4.13-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
big-map-archive-api-client (>=0.0.1 <=1.2.0), dash-tools (>=1.6.0 <=1.11.1) +16 more potentially affected by CVE-2023-31543 via pipreqs (>=0.4.10 <=0.4.11)
pipreqs PYPI version =0.4.10, =0.0.1, =1.6.0, =0.0.6, =1.0.3, =1.1.5, =0.3.37, =0.0.5, =0.2.20, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-31543 Source advisory: OSV:GHSA-V4F4-23WC-99MH...
GHSA-V4F4-23WC-99MH pipreqs vulnerable to Dependency Confusion
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
pipreqs vulnerable to Dependency Confusion
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
PYSEC-2023-99
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
PYSEC-2023-99
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
Type confusion
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
big-map-archive-api-client (>=0.0.1 <=1.2.0), dash-tools (>=1.6.0 <=1.11.1) +16 more potentially affected by CVE-2023-31543 via pipreqs (>=0.4.10 <=0.4.11)
pipreqs PYPI version =0.4.10, =0.0.1, =1.6.0, =0.0.6, =1.0.3, =1.1.5, =0.3.37, =0.0.5, =0.2.20, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-31543 Source advisory: OSV:PYSEC-2023-99...
CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
PT-2023-23380 · Pypi · Pipreqs
Name of the Vulnerable Software and Affected Versions: pipreqs versions 0.3.0 through 0.4.11 Description: A dependency confusion in pipreqs allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. Recommendations: For pipreqs versions 0.3.0...
CVE-2023-31543
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...
pipreqs code issue vulnerability
pipreqs is a library by individual developer Vadim Kravcenko that generates pip requirements.txt files based on the imports of any project. A security vulnerability exists in pipreqs versions v0.3.0 through v0.4.11, which stems from the ability to inject specified PyPI packages into the generated...
CVE-2023-31543
Affected software: pipreqs. Vulnerability: dependency confusion allows remote code execution by uploading a crafted PyPI package to the chosen repository server. Affected versions: v0.3.0 through v0.4.11. Root cause: dependency confusion in package resolution leading to arbitrary code execution. ...