
9169 matches found

OSSF Malicious Packages
added 2022/08/30 7:50 p.m., 6 views

Malicious code in zlibsrc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfbf8f67470456ad6b704fb2c2d47edef71ce077afe59bf1a6f79913bde2fd5d Security researchers at Check Point Research discovered a malicious package called zlibsrc impersonating the PyPI package zlib. PyPI has since removed...

7 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/08/30 7:38 p.m., 4 views

Malicious code in free-net-vpn2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 918a0f985a93815d37d9480f97dd5203b78834142904ae50550bd431ca52c05b Security researchers at Check Point Research discovered a malicious package called free-net-vpn2 that targets environment variables. PyPI has since remov...

7 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/08/30 7:37 p.m., 4 views

Malicious code in test-async (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77032b3c9cc48f55b79507650d7c7a520543997883ee5c2cb3e655a5ee8f3304 Security researchers at Check Point Research discovered a malicious package called test-async. PyPI has since removed test-async...

7 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/08/30 7:37 p.m., 4 views

Malicious code in pyproto2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11270c23eaf76f2fad8af5f01e5fb1b3bb9e018dbd6a51a358b158e76119126b Security researchers at Check Point Research discovered a malicious package called PyProto2. PyPI has since removed PyProto2...

7 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/08/30 7:37 p.m., 3 views

Malicious code in pymocks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7a97355d8b3b2dabe0e20f66045fa970717443f6f81e532c13d2e8bc1568dc8 Security researchers at Check Point Research discovered a malicious package called pymocks. PyPI has since removed pymocks...

7 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/08/30 7:37 p.m., 3 views

Malicious code in pyg-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38 Security researchers at Check Point Research discovered a malicious package called pyg-utils. PyPI has since removed pyg-utils...

7 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/08/30 7:36 p.m., 3 views

Malicious code in ascii2text (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4a161cdfe88252de2eba4185ad1460062afc88659f928121253c995367ace33 Security researchers at Check Point Research discovered a malicious package called ascii2text impersonating the PyPI package art. PyPI has since removed...

7 AI score
Exploits 0, References 3

CNNVD
added 2022/08/27 12:0 a.m., 2 views

exotel security vulnerability

exotel is a Python module for exotels calls and sms api. A security vulnerability exists in PyPI exotel package version 0.1.6, which stems from including a code execution backdoor inserted by a third party...

9.8 CVSS, 7.5 AI score, 0.01178 EPSS
Exploits 0, References 5

PyPA
added 2022/08/26 5:55 p.m., 4 views

PYSEC-2022-250

The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

7.2 AI score
Exploits 0, References 1, Affected Software 1

PyPA
added 2022/08/26 5:55 p.m., 5 views

PYSEC-2022-251

The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

7.2 AI score
Exploits 0, References 1, Affected Software 1

OSV
added 2022/07/22 3:15 p.m., 3 views

CVE-2022-34982

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party...

9.8 CVSS, 6.2 AI score, 0.01085 EPSS
Exploits 0, References 3

PyPA
added 2022/07/22 3:15 p.m., 6 views

PYSEC-2022-242

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party...

9.8 CVSS, 7.7 AI score, 0.01254 EPSS
Exploits 1, References 3, Affected Software 1

OSV
added 2022/06/24 9:15 p.m., 3 views

CVE-2022-34053

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 6.2 AI score, 0.01896 EPSS
Exploits 1, References 3

OSV
added 2022/06/24 9:15 p.m., 3 views

CVE-2022-32999

The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 6.2 AI score, 0.01896 EPSS
Exploits 1, References 3

ATTACKERKB
added 2022/06/24 9:15 p.m., 1 views

CVE-2022-34061

The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 6.3 AI score, 0.01931 EPSS
Exploits 1, References 4

ATTACKERKB
added 2022/06/24 9:15 p.m., 2 views

CVE-2022-34057

The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 6.3 AI score, 0.01302 EPSS
Exploits 0, References 3

OSV
added 2022/06/24 9:15 p.m., 3 views

CVE-2022-34056

The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 6.2 AI score, 0.01896 EPSS
Exploits 1, References 3

OSV
added 2022/06/24 9:15 p.m., 5 views

CVE-2022-33001

The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 6.2 AI score
Exploits 0, References 3

PyPA
added 2022/06/24 9:15 p.m., 8 views

PYSEC-2022-43169

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 7.9 AI score, 0.01931 EPSS
Exploits 1, References 4, Affected Software 1

PyPA
added 2022/06/24 9:15 p.m., 4 views

PYSEC-2022-216

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 8 AI score, 0.01857 EPSS
Exploits 1, References 3, Affected Software 1