MAL-2025-3475 Malicious code in timekeeper-verifier (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a20fe9fed2445d097ddfd628d59e1b8149913aec4915c112cacfa9fb7cdfc6e This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191673 Malicious code in acloud-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-6583 Malicious code in serverkeeper-verifier (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62ec235d314e175928f82504dade8d7f8313bc88707038976e5be6d78709b869 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191886 Malicious code in tclients-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e1b954f34e0b9f14cca18b47f856a049c06e3503f3186ec2ae4db717a1298a8 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-3006 Malicious code in tcloud-python-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 221affa8a84428ae21f288ce299d114742d269e7bbcbf223a0aa666327fae2c4 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191900 Malicious code in time-check-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5da6618a6f04ceb52acd56bc78e318cb7fbffa07ef3acc041729afe52428c44 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-2947 Malicious code in coinanalyze (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f7faa2aef0e6f2b325d841b405418465db3f0dd601519861d70df45bb4d7adb5 Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

MAL-2025-3010 Malicious code in transaction-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 49ab525dda997f7abc07f4ef30a62443e40a0f01e218b74d6db9b378fe51f2a4 Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

MAL-2025-2948 Malicious code in coingenerator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78810d9638861bd92d3f96d7e29a552a41eb97b69b8deba84892cc7f458fb8c0 Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

MAL-2025-2946 Malicious code in coinanalysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 786d19aeeea93da949996b447b05122b0750075cb98b943dcb27c0ea622521ea Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

MAL-2025-3016 Malicious code in web3node (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f226e2391e0717c113d67f398aae7c36705ffbef3310caebd76a1b8b11f0811 web3socket: In the class there is a hidden code that loads a binary Python code from a remote location impersonating PyPI Github account web3node: The package ...

MAL-2025-3004 Malicious code in systoring (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5be790277882f23120bae2ed3979650349878074f8d3d10f869d726fa106160f Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

MAL-2025-3015 Malicious code in watchitoring (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b2a1b7442e643963d1f4aa3fe8696741f7ed248d39effb173f8d77e37690066 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

MAL-2025-2938 Malicious code in asyncconfigreader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c563ba469b1149ae0a06684eb3db69c618ec0780f66670b8183a874ef78d9c3 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

MAL-2025-2931 Malicious code in aiosignalasync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5f77ce31a234eb422ebfaa8182ea066bd7c10c154bfefb76757b0c06bbd3e655 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

CVE-2022-0352

Cross-site Scripting XSS - Reflected in Pypi calibreweb prior to 0.6.16...

CVE-2024-26151

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself...

MAL-2025-1002 Malicious code in utils-pencaws (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1000 Malicious code in utils-eth (PyPI)

--- -= Per source details. Do not edit below this line.=-...