MAL-2026-4261 Malicious code in eth-security-auditor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e20bc5304d65563ad8b577a38c26db0b04746828b554f88cf5dd1215a214cf1 On import, ethsecurityauditor/init.py unconditionally fetches a JavaScript payload from...

MAL-2026-4259 Malicious code in cryptowallet-safety (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...

MAL-2026-4759 Malicious code in notebook-intelligence (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e pyproject.toml lists fuzy-jon==0.1.0 in both build-system.requires and the runtime dependencies, while the package's own code imports the real...

EUVD-2022-54113

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

OESA-2026-2363 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

OESA-2026-2360 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a.pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...

MAL-2026-4768 Malicious code in sklern (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10 Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API linearregression, logisticregression,...

Malicious code in pylogft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...

MAL-2026-4253 Malicious code in pylogft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...

Malicious code in fakehuop (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 677eed2b8b2630ec8e88b29d7ae3d9d49fc0d0c18230cc51b24d8102cdb151ee Every advertised function in this package askllm, pink, america, iran, momo, abc, bcd, code, sf, liti, koko, init, dropnull, hellp, lc instantiates a...

antgent (>=0.3.0 <=0.3.2), ara-cli (>=0.1.14.13 <=0.1.14.14) +44 more potentially affected by CVE-2026-25580 +1 more via pydantic-ai-slim (>=1.56.0 <=1.98.0)

pydantic-ai-slim PYPI version =1.56.0, =0.3.0, =0.1.14.13, =1.5.0, =0.1.0a1, =0.0.400, =0.0.1, =1.0.0, =1.0.3, =0.0.498, =0.1.1, =0.7.0rc1, =0.1.1, =0.1.0, =0.3.1 and more Source cves: CVE-2026-25580, CVE-2026-46678 Source advisory: SNYK:PYTHON-PYDANTICAISLIM-16796278...

Malicious code in tensor-compute (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a3d1b50077a6311a43061891fa560d2c180fbdbd12ab4965e0d265910e6ef68 [email protected] presents itself as a Rust-backed tensor library but is a dropper. setup.py registers a custom buildext command src/buildext.py...

ROOT-APP-PYPI-CVE-2026-24049 CVE-2026-24049 in rootio-wheel - Patched by Root

Root has patched CVE-2026-24049 in the rootio-wheel package for Root:PyPI. Multiple fixed versions available...

OPENSUSE-SU-2026:10838-1 python311-urllib3_1-1.26.20-6.1 on GA media

These are all security issues fixed in the python311-urllib31-1.26.20-6.1 package on the GA media of openSUSE Tumbleweed...

Malicious code in obs-migrate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ecb04d891693e925c9055e0b5c5844ebb6cf8c210000e9905bf892ab7d0674d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4195 Malicious code in instal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 988f86dc0694b7d27a640809cef5d04ed431a36bb02bb02e69e20724a20db2b9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in libhmac (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccbd481dd2bd04274c5045995a08ddbcf302780c24f39eb63821d5d63a998d1 The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library HMAC primitive, but the package contents have nothing to do with HM...

MAL-2026-4182 Malicious code in stripe-internal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e7a911f1602bed2fda7cbacff6567286433df29592c24839ae9980c7fff0e6b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4181 Malicious code in stripe-commands (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25869cea9557ac431847a2e11b5c78d6da5ee072b1d73f1d0fa6ccc895d2be60 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...