Malicious code in bytedaaa (PyPI)
Source: kam193 (fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-3086 Malicious code in bytedai (PyPI)
Source: kam193 (6453b603ad8bfd1ff4463c1bd86e1930757b08239ec949b01fbc95ca0c5486a6). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
a-mailx (=0.1.0), almax-common (>=0.9.5 <=1.0.2.dev20240601170722) +70 more potentially affected by CVE-2026-39377 via nbconvert (>=7.0.0 <=7.17.0)
nbconvert PYPI version =7.0.0, =0.9.5, =1.0.1, =1.0.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.10, =0.0.15, =0.1.3, =3.0.0, =0.0.1, =0.0.2 - fashiontrendforecasting =0.1.0 and more Source cves: CVE-2026-39377 Source advisory: SNYK:PYTHON-NBCONVERT-16115368...
angr (>=9.2.187 <=9.2.214), angr-management (>=9.2.187 <=9.2.214) +25 more potentially affected by unknown CVE via uefi-firmware (>=1.11.0 <=1.9.0)
uefi-firmware PYPI version =1.11.0, =9.2.187, =9.2.187, =1.0.0rc2, =1.0.7, =1.0.4, =9.2.7, =0.0.1, =9.2.187, =1.0.3, =0.1.0, =2.2.0, =0.1.0, =0.1.5 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-UEFIFIRMWARE-16426836...
aleph-client (>=1.0.0 <=1.9.1), aleph-sdk-python (>=1.0.0 <=2.3.3) +43 more potentially affected by CVE-2024-28102 +1 more via jwcrypto (>=1.0.0 <=1.5.6)
jwcrypto PYPI version =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0rc1, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =3.41.0, =0.0.0.1, =0.1.7, =2.5.0, =3.0.0 and more Source cves: CVE-2024-28102, CVE-2026-39373 Source advisory: SNYK:PYTHON-JWCRYPTO-15928841...
akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)
simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:PYSEC-2026-132...
MAL-2026-1278 Malicious code in chat-xdk (PyPI)
Source: kam193 (e1f6d17089af4d8a0d8ab4b5ab9398a250b54d8d605c178080a7f275a6ab4687). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14926 via transformers (>=4.0.0 <=4.57.6)
transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14926 Source advisory:...
acryl-datahub-gx-plugin (>=0.14.0.3 <=0.15.0rc15), agnostic (=1.0.3) +547 more potentially affected by CVE-2024-4340 via sqlparse (>=0.1.14 <=0.5.3)
sqlparse PYPI version =0.1.14, =0.14.0.3, =0.2.0, =0.0.1, =0.1.0, =2.0.0, =0.8.0, =0.0.1a0, =0.0.36, =2.1.1.3, =1.0.0, =1.0.2 and more Source cves: CVE-2024-4340 Source advisory: SNYK:PYTHON-SQLPARSE-14157217...
django-ninja-aio-crud (>=1.0.5 <=2.25.0) potentially affected by CVE-2025-65015 via joserfc (=1.4.1)
joserfc PYPI version =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on joserfc and may be impacted: - django-ninja-aio-crud =1.0.5, =2.25.0 Source cves: CVE-2025-65015 Source advisory: SNYK:PYTHON-JOSERFC-14052498...
broad-dagster-utils (=2.0.0a7), dagit (>=1.0.0 <=1.10.15) +67 more potentially affected by CVE-2025-51481 via dagster (>=1.0.0 <=1.10.15)
dagster PYPI version =1.0.0, =1.0.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =1.0.0, =1.10.0, =1.0.0, =0.16.0, =0.16.0, =0.26.15 and more Source cves: CVE-2025-51481 Source advisory: SNYK:PYTHON-DAGSTER-10877952...
ac-solver (=0.1.0), airosentris (>=0.1.23 <=0.1.31) +189 more potentially affected by CVE-2025-30167 via jupyter-core (>=5.0.0 <=5.7.2)
jupyter-core PYPI version =5.0.0, =0.1.23, =0.20.0, =0.9.5, =0.1.0, =0.1.0, =1.0.1, =1.0.1, =0.3.1, =0.1.1, =0.1.0, =0.3.0, =0.1.0, =0.1.5 and more Source cves: CVE-2025-30167 Source advisory: SNYK:PYTHON-JUPYTERCORE-10300774...
2vyper (=0.3.0), ape-dasy (=0.1.0) +39 more potentially affected by CVE-2025-47774 via vyper (>=0.1.0b12 <=0.4.1)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.7.2, =0.0.1, =0.3.2 and more Source cves: CVE-2025-47774 Source advisory: SNYK:PYTHON-VYPER-10183409...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24928 more potentially affected by CVE-2025-4287 via torch (>=1.0.0 <=2.9.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-4287 Source advisory: SNYK:PYTHON-TORCH-10332643...
Malicious code in calc123lorc (PyPI)
Source: kam193 (8694d9aee1895d2410aefdedcf0d8ca642301ed44085b3674a62856a4d4e42b2). Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. Category: PROBABLYPENTEST -...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24284 more potentially affected by CVE-2024-48063 via torch (>=1.0.0 <=2.4.1)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2024-48063 Source advisory: OSV:PYSEC-2024-259...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +156 more potentially affected by CVE-2023-39659 via langchain (>=0.0.100 <=0.0.232)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.2.0, =0.1.3, =0.1.1, =0.1.18 and more Source cves: CVE-2023-39659 Source advisory: OSV:PYSEC-2023-147...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +162 more potentially affected by CVE-2023-36095 via langchain (>=0.0.100 <=0.0.235)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-36095 Source advisory: OSV:PYSEC-2023-138...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-36001 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-36001 Source advisory: OSV:GHSA-JQM7-M5Q7-3HM5...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4729 more potentially affected by CVE-2021-37656 via tensorflow (>=1.0.1 <=2.3.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-37656 Source advisory: OSV:GHSA-4XFP-4PFP-89WG...