CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

pip is a package management system used to install and manage software packag es written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...

6.1CVSS6.9AI score0.004EPSS

Exploits1

OSV•added 2025/09/26 12:0 a.m.•6 views

MAL-2025-47572 Malicious code in bloxypy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ca1bb0aab09d6ef59ee1ff8485c8c2a6b565c1311246ed61d63c9757bd44ecdc Attempting to use the module starts obfuscated code containing an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

7.1AI score

Exploits0References1

vulnersOsv•added 2025/09/25 3:43 p.m.•5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25628 more potentially affected by CVE-2025-55554 via torch (>=1.0.0 <=2.9.1)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-55554 Source advisory: SNYK:PYTHON-TORCH-13052969...

5.3CVSS5.4AI score0.00294EPSS

Exploits0

vulnersOsv•added 2025/09/25 3:16 p.m.•6 views

aait (>=0.0.4.80 <=1.0.5), accusleepy (>=0.1.0 <=0.7.1) +334 more potentially affected by CVE-2025-46150 via torch (=2.6.0)

torch PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on torch and may be impacted: - aait =0.0.4.80, =0.1.0, =1.0.0.3, =0.1.0, =0.8.4, =0.1.47, =3.1.8, =0.1.3, =2.0.3, =0.3.8.2, =0.2.2, =0.2.4 - archgw =0.3.17 and more Source cves:...

5.3CVSS5.4AI score0.0036EPSS

Exploits0

vulnersOsv•added 2025/09/25 2:44 p.m.•4 views

aait (>=0.0.4.80 <=1.0.5), accusleepy (>=0.1.0 <=0.7.1) +334 more potentially affected by CVE-2025-46149 via torch (=2.6.0)

5.3CVSS5.4AI score0.00338EPSS

Exploits0

OSV•added 2025/09/24 8:37 p.m.•4 views

MAL-2025-48904 Malicious code in tronhexpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 87c2e19fbf3db867f8f5e0103196bcfa8e7b76e1b48431ade425fceaa6f7d86f Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.8AI score

Exploits0References2

OSSF Malicious Packages•added 2025/09/24 8:37 p.m.•5 views

Malicious code in tronhexpy (PyPI)

6.9AI score

Exploits0References2

HackRead•added 2025/09/24 5:22 p.m.•8 views

PSF Warns of Fake PyPI Login Site Stealing User Credentials

The Python Software Foundation PSF warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials...

6.9AI score

Exploits0

vulnersOsv•added 2025/09/24 3:31 p.m.•4 views

aaanalysis (>=0.1.2 <=1.0.0), aadetools (>=0.0.3 <=0.0.5) +543 more potentially affected by CVE-2025-8869 via pip (>=10.0.0b2 <=25.2.0)

pip PYPI version =10.0.0b2, =0.1.2, =0.0.3, =0.5.14, =0.1.1, =2.0.0, =0.2.1, =0.1.2, =0.0.1, =0.1.0, =0.1.10, =0.2.0, =0.68.0, =1.8.15, =1.8.17, =1.8.19 and more Source cves: CVE-2025-8869 Source advisory: OSV:GHSA-4XH5-X5GV-QWPH...

5.9CVSS7.2AI score0.00438EPSS

Exploits0

OSV•added 2025/09/22 7:28 p.m.•6 views

MAL-2025-48891 Malicious code in final-osint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e4fd0b958714b427b2b2c39e7afd8134f71fae10467ce32d52cffeb74ec716c2 Importing the module starts an infostealer exfiltrating e.g. browser data --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealer...

6.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by