9163 matches found
Malicious Package
Overview democritus-dates is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-dates package. References - GitHub Issue - GitHu...
Malicious Package
Overview democritus-networking is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-networking package. References - GitHub Iss...
Malicious Package
Overview democritus-uuids is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-uuids package. References - GitHub Issue - GitHu...
PYSEC-2022-43103
The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
Malicious Package
Overview democritus-timezones is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-timezones package. References - GitHub Issue...
Malicious Package
Overview democritus-math is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-math package. References - GitHub Issue - GitHub...
PYSEC-2022-43105
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
Malicious Package
Overview democritus-hypothesis is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-hypothesis package. References - GitHub Iss...
CVE-2022-38880
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0...
PT-2022-24608 · Unknown +1 · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0,...
PT-2022-37362 · Pypi · Democritus-File-System +1
Name of the Vulnerable Software and Affected Versions: d8s-pdfs version 0.1.0 Description: The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. Recommendations: For version 0.1....
PT-2022-37380 · Pypi · D8S-Pdfs +1
Name of the Vulnerable Software and Affected Versions: d8s-pdfs version 0.1.0 Description: The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. Recommendations: For version 0.1.0...
PT-2022-37343 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-netstrings version 0.1.0 Description: The d8s-netstrings package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third...
Warning: PyPI Feature Executes Code Automatically After Python Package Download
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically...
Malicious code in zlibsrc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfbf8f67470456ad6b704fb2c2d47edef71ce077afe59bf1a6f79913bde2fd5d Security researchers at Check Point Research discovered a malicious package called zlibsrc impersonating the PyPI package zlib. PyPI has since removed...
Malicious code in free-net-vpn2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 918a0f985a93815d37d9480f97dd5203b78834142904ae50550bd431ca52c05b Security researchers at Check Point Research discovered a malicious package called free-net-vpn2 that targets environment variables. PyPI has since remov...
Malicious code in test-async (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77032b3c9cc48f55b79507650d7c7a520543997883ee5c2cb3e655a5ee8f3304 Security researchers at Check Point Research discovered a malicious package called test-async. PyPI has since removed test-async...
Malicious code in pyproto2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11270c23eaf76f2fad8af5f01e5fb1b3bb9e018dbd6a51a358b158e76119126b Security researchers at Check Point Research discovered a malicious package called PyProto2. PyPI has since removed PyProto2...
Malicious code in pymocks (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7a97355d8b3b2dabe0e20f66045fa970717443f6f81e532c13d2e8bc1568dc8 Security researchers at Check Point Research discovered a malicious package called pymocks. PyPI has since removed pymocks...
Malicious code in pyg-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38 Security researchers at Check Point Research discovered a malicious package called pyg-utils. PyPI has since removed pyg-utils...