CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•9 views

Malicious code in mem8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d2fc000f15b66037b67d503cef346f32d400b0cc704417b28ff6c559c9924d8f Versions 6.0.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•9 views

Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6b28e6bb345bcdb4726198079a56fcbbb0e73d4d2309c1927c0c8803d515232f Versions 3.3.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•18 views

Malicious code in dynamo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•8 views

Exploits0References5

Malicious code in bramin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...

OSV•added 2026/06/06 6:13 a.m.•6 views

Exploits0References6

MAL-2026-5279 Malicious code in uprobe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82230ac4ef4464e9696491bf25cfabbd5cff78ab2256f4aa1a0d5ad7456218a8 The package installs uprobe-setup.pth, which Python auto-loads at every interpreter startup in any environment where the wheel is present. The.pth...

5.7AI score

Exploits0References6

OSSF Malicious Packages•added 2026/06/06 6:13 a.m.•9 views

Malicious code in dreamgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d13836e2a6e18233bd22274b546345ad8ae8959fa00ad1c3d473568feed3f6d3 Versions 1.8.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

OSV•added 2026/06/06 6:13 a.m.•8 views

MAL-2026-5298 Malicious code in executor-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...

5.9AI score

Exploits0References6

OSSF Malicious Packages•added 2026/06/05 10:9 p.m.•9 views

Malicious code in anthropy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fa5e8904e682bfc10273961eb25b914c8d79b89e2a6c923c32bb9b3233d41c2 The package anthropy is a one-character typosquat of the legitimate anthropic PyPI SDK. The sole module anthropy.py executes a classic Python reverse...

OSV•added 2026/06/05 10:9 p.m.•7 views

Exploits0References2

MAL-2026-5273 Malicious code in anthropy (PyPI)

PyPA•added 2026/06/05 8:17 p.m.•5 views

Exploits0References2

PYSEC-0000-CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

Exploits0References3Affected Software1

PyPA•added 2026/06/05 8:17 p.m.•7 views

PYSEC-2026-206

Exploits0References3Affected Software1

OSV•added 2026/06/05 8:17 p.m.•7 views

PYSEC-2026-206

RedhatCVE•added 2026/06/05 7:37 p.m.•7 views

CVE-2026-3073

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...

4.3CVSS5.5AI score0.00218EPSS

Exploits0References1

Cvelist•added 2026/06/05 7:35 p.m.•29 views

CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

9.6CVSS0.00276EPSS

CVE•added 2026/06/05 7:35 p.m.•21 views

CVE-2026-45758

CVE-2026-45758 affects Guardrails AI (Python framework). A malicious PyPI release, guardrails-ai==0.10.1, was published on 2026-05-11. Security telemetry reports no observed requests to Guardrails AI infrastructure from 0.10.1 and no data exfiltration evidence, but affected users should act. The ...

Exploits0References3Affected Software1

EUVD•added 2026/06/05 7:35 p.m.•10 views

EUVD-2026-34912

OSSF Malicious Packages•added 2026/06/05 5:29 p.m.•9 views

Malicious code in goodoldtoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5414e9956c915ef34d422d9eba09177fb667bba375c43e9d9b54d4f87b628712 During pip install goodoldtoulas, setup.py invokes setuphelper which downloads main.exe from...

OSV•added 2026/06/05 11:31 a.m.•8 views

Exploits0References2

ROOT-APP-PYPI-CVE-2026-35523 CVE-2026-35523 in rootio-strawberry-graphql - Patched by Root

Root has patched CVE-2026-35523 in the rootio-strawberry-graphql package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00424EPSS

Exploits0

CNNVD•added 2026/06/05 12:0 a.m.•6 views

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Version 0.10.1 of Guardrails contains a security vulnerability. This vulnerability stems from the release of a malicious version to PyPI, which may cause damage to user systems...

9.6CVSS5.3AI score0.00276EPSS