PYSEC-2022-43078

The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43116

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

CVE-2022-40427

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

CVE-2022-40424

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0...

PYSEC-2022-43098

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

Malicious Package

Overview democritus-algorithms is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-algorithms package. References - GitHub Iss...

Malicious Package

Overview democritus-networking is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-networking package. References - GitHub Iss...

Malicious Package

Overview democritus-timezones is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-timezones package. References - GitHub Issue...

PYSEC-2022-43105

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

Malicious Package

Overview democritus-hypothesis is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-hypothesis package. References - GitHub Iss...

Malicious Package

Overview democritus-uuids is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-uuids package. References - GitHub Issue - GitHu...

PYSEC-2022-43103

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

Malicious Package

Overview democritus-math is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-math package. References - GitHub Issue - GitHub...

Malicious Package

Overview democritus-dates is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-dates package. References - GitHub Issue - GitHu...

CVE-2022-38880

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0...

PT-2022-37362 · Pypi · Democritus-File-System +1

Name of the Vulnerable Software and Affected Versions: d8s-pdfs version 0.1.0 Description: The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. Recommendations: For version 0.1....

PT-2022-37380 · Pypi · D8S-Pdfs +1

Name of the Vulnerable Software and Affected Versions: d8s-pdfs version 0.1.0 Description: The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. Recommendations: For version 0.1.0...

PT-2022-37343 · Pypi · Democritus-Strings +1

Name of the Vulnerable Software and Affected Versions: d8s-netstrings version 0.1.0 Description: The d8s-netstrings package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third...

PT-2022-24608 · Unknown +1 · Democritus-Strings +1

Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0,...

Warning: PyPI Feature Executes Code Automatically After Python Package Download

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically...