CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/03/17 6:44 a.m.•3 views

Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1AI score

OSSF Malicious Packages•added 2026/03/16 6:3 p.m.•5 views

Malicious code in color-list (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 86ffbba2d1825f76d4c2baa6a8b7ecbe85514239934a3d7903745d17d4baf704 Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...

5.9AI score

OSV•added 2026/03/16 6:3 p.m.•3 views

MAL-2026-1479 Malicious code in color-list (PyPI)

6AI score

OSSF Malicious Packages•added 2026/03/16 6:0 p.m.•7 views

Malicious code in codeshouhu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c This package runs a malicious payload when it is imported...

OSV•added 2026/03/16 6:0 p.m.•2 views

MAL-2026-1488 Malicious code in codeshouhu (PyPI)

vulnersOsv•added 2026/03/16 3:15 p.m.•3 views

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1514 more potentially affected by CVE-2026-27448 via pyopenssl (>=0.14.0 <=25.3.0)

pyopenssl PYPI version =0.14.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.2, =2.8.1, =0.4.0, =0.2.0, =0.3.4 and more Source cves: CVE-2026-27448 Source advisory: SNYK:PYTHON-PYOPENSSL-15674458...

6.3CVSS5.4AI score0.00241EPSS

vulnersOsv•added 2026/03/16 2:19 p.m.•9 views

akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)

simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:PYSEC-2026-132...

9.8CVSS7.2AI score0.0046EPSS

vulnersOsv•added 2026/03/16 10:48 a.m.•1 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4229 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4229 Source advisory: SNYK:PYTHON-VANNA-15674521...

7.5CVSS7.1AI score0.00254EPSS

OpenVAS•added 2026/03/16 12:0 a.m.•2 views

openSUSE Security Advisory (SUSE-SU-2026:0873-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS5.8AI score0.0056EPSS

Exploits0References4

OpenVAS•added 2026/03/16 12:0 a.m.•1 views

SUSE: Security Advisory (SUSE-SU-2026:0891-1)

6CVSS5.8AI score0.0056EPSS

Exploits0References4

Tenable Nessus•added 2026/03/16 12:0 a.m.•6 views

Fedora 43 : python3.6 (2026-8ba3403ff7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ba3403ff7 advisory. Security fix for CVE-2025-12084 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

6.3CVSS5.9AI score0.00696EPSS

OSV•added 2026/03/16 12:0 a.m.•4 views

OPENSUSE-SU-2026:10377-1 python312-3.12.13-2.1 on GA media

These are all security issues fixed in the python312-3.12.13-2.1 package on the GA media of openSUSE Tumbleweed...

5.7CVSS5.8AI score0.00202EPSS

OSV•added 2026/03/15 5:2 p.m.•4 views

MAL-2026-1437 Malicious code in flowpeek (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734 During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel. --- Category:...

6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/03/15 9:36 a.m.•5 views

Malicious code in kvstore-pb2-grpc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7208dedf651be9d1e330692ef042b89e5bcae7e8aeee7f2ab400d49e7a574de8 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

OSSF Malicious Packages•added 2026/03/15 9:34 a.m.•5 views

Malicious code in dgl-cu117 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

OSV•added 2026/03/15 9:34 a.m.•1 views

MAL-2026-1432 Malicious code in dgl-cu117 (PyPI)

OSSF Malicious Packages•added 2026/03/15 9:34 a.m.•4 views

Malicious code in python-anchor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 914b16cbc506c57a77eeed5ae14955bcf3b58fa49da92c2686b56a1d531c5268 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

OSV•added 2026/03/15 9:34 a.m.•3 views

MAL-2026-1435 Malicious code in python-anchor (PyPI)