9169 matches found
EUVD-2026-3706
Malicious code in xadauiom PyPI...
Malicious code in xadauiom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-3708
Malicious code in spellcheckpy PyPI...
EUVD-2026-3716
Malicious code in coolpackage2323 PyPI...
CVE-2025-56005
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...
EUVD-2026-3496
Malicious code in spellcheckerpy PyPI...
EUVD-2026-3254
Malicious code in nanoinstaller PyPI...
EUVD-2026-3255
Malicious code in bnanainstaller PyPI...
Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages
Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models (LLMs) show promise for software...
EUVD-2026-2657
Malicious code in haqawi PyPI...
Malicious code in haqawi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...
EUVD-2026-2658
Malicious code in legendevil1 PyPI...
EUVD-2026-2659
Malicious code in hairest PyPI...
MAL-2026-253 Malicious code in clipcord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fca6ce37489de021bfea975a55751ad244552b7868a4e534f955d30a0efb1770 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
EUVD-2026-2661
Malicious code in solana-program PyPI...
EUVD-2026-2663
Malicious code in transitive-req PyPI...
EUVD-2026-2402
Malicious code in dify-api PyPI...
Malicious code in dify-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a40038bb1837e98127f2e267d1932d1eeb641c93e855c50af9aa25002e28c76b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
GuardDog path traversal vulnerability
GuardDog is an open-source CLI tool for identifying malicious PyPI packages. GuardDog versions prior to 2.7.1 contain a path traversal vulnerability in the safeextract function, which could lead to arbitrary file overwriting an...
EUVD-2026-1961
Malicious code in graponater PyPI...