28 matches found
ROOT-APP-PYPI-CVE-2024-26130 CVE-2024-26130 in rootio-cryptography - Patched by Root
Root has patched CVE-2024-26130 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
CVE-2026-42266
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...
ROOT-APP-PYPI-CVE-2025-47273 CVE-2025-47273 in rootio-setuptools - Patched by Root
Root has patched CVE-2025-47273 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...
CVE-2026-41391
OpenClaw before 2026.3.31 fails to properly sanitize PIPINDEXURL and UVINDEXURL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the failure to properly clean the PIPINDEXURL and UVINDEXURL environment variables in the host executio...
Malicious code in elementary-data (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea Versions 0.23.3 were compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and establish, likely, a reverse shell in the CI...
EUVD-2025-19437
Malicious code in bioql PyPI...
Malicious code in keras-beautifulsoup (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9f4e383a9ff1753757d075b6ab28633f99e4e24fbe7b01db5360243f163ea2ac The OpenSSF Package Analysis project identified 'keras-beautifulsoup' @ 2.9.2 pypi as malicious. It is considered malicious because: - The packa...
Malicious code in tpguiintelcv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8d9b200f6d6d64af259afc8ae77492668a7049d7fe5857c3ef418362fd01b459 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in librandomintelkill (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 13e5b2afa4c6cae3ffae769aa168edb5a37bae65b6d80c655a603953ffb3b628 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfpostponghydra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b35814d9a292db45a0a768460ad351988403c29893f7487f2bc87b3d01d30f43 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-studyproofver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a42d421306b4258ecaa559617aabb007bee4005f1d4907a05058bff8a56c75f3 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfproofnvidiagrand (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx cc6f1884322c84c15350af50f757342885c829db7e013dc97e1f1cafe6247834 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in tpcvgrandhacked (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3f854c0b9409c2e737545158d31d6c55d914a91e761f6ceb71ea5f2d74069d7a EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqstrpushsplit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 25c27e4548bb37d2f0ffa77ff461120120ac51038630bf2048d02c71eb303459 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfpywpipvirtual (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d6a3eb9829f20bbde5ea61248e4ef28002ae9037039b1a057a463df12ee09883 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in tpgetencodere (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx c4f422fa6d11828cda5121b04ecb6985a7f84bf83c06155b696394b7d7f021cb EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-adedgui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 122130efaa487e888638e0c9f7fb3eec058566ec9299e61f28e05e1965a3392e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqguimc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx e14b2ed9c00ded4728db80c28a231d5c5d4c5321de8e3ad2fb1936f6af771cb2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-hackedcandyhttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8961ce41ed903a72794775a91290ad881beb6fa38a163aeb258d4026f8ff4e3c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...