13271 matches found
Malicious code in playwrightr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e165b925f82629524e611c81597c32a171df7cec246dc73f268d8192ccbe2c5 setup.py registers a CustomInstallCommand that runs automatically on pip install under Windows. It uses WinHTTP via ctypes to fetch a binary from...
GHSA-P4GQ-832X-FM9V vulnerabilities
Vulnerabilities for packages: py3-nltk...
GHSA-W8QV-6JWH-64R5 vulnerabilities
Vulnerabilities for packages: py3-captum...
GHSA-MP2F-45PM-3CG9 vulnerabilities
Vulnerabilities for packages: py3-captum...
Malicious code in pyqt6darktheme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8cd6d16792d681b160ae1e11b3f698d8fd3004cd6019704008ad1c649fbe6f67 Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining --- Category: MALICIOUS - The campaign has...
Malicious code in jsonschemavalidation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae82aa94c358f1f00f8a12e8b583cee82efdcf09d2f80263e6851ac0fec98f3 The PyPI project jsonschemavalidation builds a wheel whose installed top-level package is literally jsonschema tool.hatch.build.targets.wheel package...
Malicious code in paysafe-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d9cc9039ffa3e8cadc8a24b0ccd83bcc8eca2fe88e25f35b2022cc1957220fb paysafe-api impersonates the Paysafe payments provider package name, description, author 'Paysafe Developer Team', and use of api.paysafe.com /...
ROOT-APP-PYPI-CVE-2026-27932 CVE-2026-27932 in rootio-joserfc - Patched by Root
Root has patched CVE-2026-27932 in the rootio-joserfc package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34993 CVE-2026-34993 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34993 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-23829 CVE-2024-23829 in rootio-aiohttp - Patched by Root
Root has patched CVE-2024-23829 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-45134 CVE-2026-45134 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-45134 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root
Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
OPENSUSE-SU-2026:11191-1 python313-lxml_html_clean-0.4.5-1.1 on GA media
These are all security issues fixed in the python313-lxmlhtmlclean-0.4.5-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in yt-api-dlp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4710e1aa4fe025aaed51f4958f3b514a6cb950b40069f424c7a5d9a2f85591c Package name yt-api-dlp is a single-token insertion away from the widely-used yt-dlp package, and the tarball contains a near-verbatim copy of the...
Malicious code in confighub (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 805d9b5848999d2ba85368446cb12d90bf350b8201a78dd475079c04f180dd81 confighub 7.0.1 declares installrequires='procwire' and imports procwire at package load in init.py under a version gate that silently swallows...
Malicious code in django-bkvision (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60f6913309b46f7fc428e08267197a375885efc1b3c5660d7707ef70895f558c setup.py executes a top-level function on pip install that collects host metadata hostname, user, cwd, Python version, platform, pid, timestamp and...
Malicious code in tdata-grabber (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...
MAL-2026-6560 Malicious code in tdata-grabber (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...
Malicious code in fsociety-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...