
9169 matches found

ATTACKERKB
added 2023/06/30 8:15 p.m. | 6 views

CVE-2023-31543

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...

CVSS 9.8 | AI score 7.8 | EPSS 0.01086
Exploits: 1 | References: 3

CNNVD
added 2023/06/30 12:0 a.m. | 7 views

pipreqs code issue vulnerability

pipreqs is a library by individual developer Vadim Kravcenko that generates pip requirements.txt files based on the imports of any project. A security vulnerability exists in pipreqs versions v0.3.0 through v0.4.11, which stems from the ability to inject specified PyPI packages into the generated...

CVSS 9.8 | AI score 8.3 | EPSS 0.01086
Exploits: 1 | References: 3

OSSF Malicious Packages
added 2023/06/19 1:30 p.m. | 5 views

Malicious code in arangodba (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8a8f8299dc6c21b2441da8a56c195b046c05f65c0ab9b78f08aff27eb1611ac7 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

AI score 7.2
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2023/06/18 8:0 a.m. | 4 views

Malicious code in dependency1338 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4342f154d7ceb9727add670c55348d65e1b2c18232cbf166d82257971ad05712 The OpenSSF Package Analysis project identified 'dependency1338' @ 1.0.0 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

The Hacker News
added 2023/06/01 12:16 p.m. | 4 views

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection

Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2023/05/29 9:27 p.m. | 8 views

Malicious code in cxfreezepy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 98b9fe0f574ed33e0a4096ba8774936c73969493c1621244334a739ef4f94f5d EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score 7
Exploits: 0 | References: 1

The Hacker News
added 2023/05/29 4:58 a.m. | 4 views

PyPI Implements Mandatory Two-Factor Authentication for Project Owners

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. "Between now and the end of the year, PyPI will begin gating access to...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2023/05/27 12:0 a.m. | 7 views

Malicious code in pyclack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a5bbfd7bb3c6e08fcaab006836d25519f6f790a3e647e64dd210e0b6f464d490 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

AI score 7
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2023/05/25 12:24 p.m. | 6 views

Malicious code in oculoushide (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b7403cc73bb98e45396c93de766686608f4d7f80a03e6e8af73d244de0c7fe1 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2023/05/25 9:3 a.m. | 4 views

Malicious code in this-is-malware (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a09f1ea3e612edb3afa0fb412d98d5c1ce03b4303b89288ce84357b49b25a3ac The OpenSSF Package Analysis project identified 'this-is-malware' @ 0.1.0 pypi as malicious. It is considered malicious because: - The package...

AI score 7.2
Exploits: 0

The Hacker News
added 2023/05/21 8:58 a.m. | 6 views

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. "The volume of malicious users and malicious projects being...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:36 p.m. | 5 views

Malicious code in opencv-keras (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1f3dbc8704eb128ec656854e38ccd3c45d1232978eed378bb7711837dddd09bf The OpenSSF Package Analysis project identified 'opencv-keras' @ 17.10.13 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:25 p.m. | 5 views

Malicious code in req-flask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a1a249da7f5d65ac080890111e76921348e8eadbfca48a449be1319f9c65982c The OpenSSF Package Analysis project identified 'req-flask' @ 2.9.4 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 6 views

Malicious code in pygame-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93390eea0977ef15ff0c7413e64df5bd99497ea76e9238097ee0b6f4b9862fdd The OpenSSF Package Analysis project identified 'pygame-install' @ 17.14.20 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 6 views

Malicious code in pygame-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c104a6d866e764da7907147cd7def349f360987498156433ef1e11bf4ac2263c The OpenSSF Package Analysis project identified 'pygame-pytorch' @ 3.4.19 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 5 views

Malicious code in pandas-numpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ad64cd7fe8db5e273a5e994ca67fcc44546298765caf11ec2edcd0d587481434 The OpenSSF Package Analysis project identified 'pandas-numpy' @ 8.19.3 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 5 views

Malicious code in crypto-pygame (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12204aa041b42e90b2749e8026e866fbe3d5ff07e79899073fbc585b9950b727 The OpenSSF Package Analysis project identified 'crypto-pygame' @ 10.14.7 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 4 views

Malicious code in print-pip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b212a33e119ddadecf30da008a6e74a0b1c954521ae1a596e715f201c0abf281 The OpenSSF Package Analysis project identified 'print-pip' @ 13.9.3 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 5 views

Malicious code in requests-pandas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 466aafb46bc841bddc0afbb05274ddf5c303d04e389298842ce36325e6809744 The OpenSSF Package Analysis project identified 'requests-pandas' @ 3.10.17 pypi as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/05/20 2:5 p.m. | 8 views

Malicious code in scikit-learn-matplotlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 14d5e86444b47f8ee729dcf7930f4ba68d938ea99b786e110e5d7bd53f081fa9 The OpenSSF Package Analysis project identified 'scikit-learn-matplotlib' @ 6.12.17 pypi as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits: 0