MiracleLinux 8 : python3-3.6.8-39.el8.ML.1 (AXSA:2021-2524:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2524:05 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : python3.12-3.12.3-2.el8_10 (AXSA:2024-8530:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8530:01 advisory. python: The zipfile module is vulnerable to zip-bombs leading to denial of service CVE-2024-0450 Tenable has extracted the preceding description block direct...

MiracleLinux 8 : python3.11-urllib3-1.26.12-5.el8_10 (AXSA:2024-9461:05)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9461:05 advisory. urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 Tenable has extracted the preceding descriptio...

MiracleLinux 8 : python3-3.6.8-69.el8_10.ML.1 (AXSA:2024-9057:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9057:07 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...

MAL-2026-352 Malicious code in medifile (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c005d95a9b1b91118e9306168ce69163190184714fe53c65b7ba716e867c8da Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2026-3254

Malicious code in nanoinstaller PyPI...

Malicious code in nanoinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f6ea4dd9867e528445ba01d2ceed3638e6178b2a940a2598c0f89eca5795802 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

MAL-2026-351 Malicious code in nanoinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f6ea4dd9867e528445ba01d2ceed3638e6178b2a940a2598c0f89eca5795802 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

EUVD-2026-3255

Malicious code in bnanainstaller PyPI...

Malicious code in bnanainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa730f845044e96bb14f1b7245d35b819dc8a9ddeef07c952c22e65f85c0a459 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

MAL-2026-350 Malicious code in bnanainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa730f845044e96bb14f1b7245d35b819dc8a9ddeef07c952c22e65f85c0a459 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages

Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models LLMs show promise for software...

Malicious code in haqawi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

EUVD-2026-2657

Malicious code in haqawi PyPI...

EUVD-2026-2658

Malicious code in legendevil1 PyPI...

MAL-2026-256 Malicious code in legendevil1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3188a850ecb974606264f28634afaca67ec2f49c1c759cf590aa39ba19e50452 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

EUVD-2026-2659

Malicious code in hairest PyPI...

MAL-2026-254 Malicious code in hairest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6a47476109391081ac326c65a5624df44ba19f7e2597aaeffa47552a053e9773 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

EUVD-2026-2660

Malicious code in clipcord PyPI...

MAL-2026-253 Malicious code in clipcord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fca6ce37489de021bfea975a55751ad244552b7868a4e534f955d30a0efb1770 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...