CVE-2022-40432

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

CVE-2022-44051

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0...

CVE-2022-44050

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0...

CVE-2022-42964

An exponential ReDoS Regular Expression Denial of Service can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.fromstring method...

CVE-2022-42038

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

CVE-2022-40808

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

CVE-2022-40812

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

CVE-2022-34509

The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party...

CVE-2022-34501

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party...

CVE-2022-34983

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party...

CVE-2022-28470

marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor...

CVE-2022-1431

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to...

CVE-2022-23531

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

CVE-2022-44053

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...

CVE-2020-13328

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API...

MAL-2025-4268 Malicious code in web3-validators (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-4267 Malicious code in web3-requests (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-4266 Malicious code in web3-request-1-8-54 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-4265 Malicious code in web3-request (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-4263 Malicious code in web3-checksumm (PyPI)

--- -= Per source details. Do not edit below this line.=-...