
13250 matches found

OSSF Malicious Packages
added 2026/02/05 2:30 p.m. (8 views)

Malicious code in metadata-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5 Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...

5.5 AI score
Exploits: 0, References: 1

OSV
added 2026/02/05 2:30 p.m. (4 views)

MAL-2026-762 Malicious code in metadata-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5 Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...

5.5 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/05 8:43 a.m. (8 views)

Malicious code in pipelinepoision-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30985e20ed386fc211690f5618db078ae8c782039fcc36d1109955b74c3251ff Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

OSV
added 2026/02/05 8:43 a.m. (5 views)

MAL-2026-759 Malicious code in pipelinepoision-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30985e20ed386fc211690f5618db078ae8c782039fcc36d1109955b74c3251ff Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

Amazon
added 2026/02/05 12:0 a.m. (7 views)

Important: python3.13-wheel

Issue Overview: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename...

7.1 CVSS, 6.3 AI score, 0.00278 EPSS
Exploits: 2

Amazon
added 2026/02/05 12:0 a.m. (9 views)

Medium: python-filelock

Issue Overview: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows loc...

6.5 CVSS, 5.7 AI score, 0.00184 EPSS
Exploits: 1

Amazon
added 2026/02/05 12:0 a.m. (10 views)

Important: python3.11-pip

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

8.9 CVSS, 5.5 AI score, 0.0068 EPSS
Exploits: 0

OSSF Malicious Packages
added 2026/02/04 7:47 p.m. (8 views)

Malicious code in statssol (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 578ffe3c11af717c95f71893133a46e8e418742109d414583b3ccc5044fa3a99 On importing the module, a remote code is executed. At the moment of analysis, the remote URL did not return any valid script, presumably as the package was...

5.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/04 2:57 p.m. (8 views)

Malicious code in test-for-ppe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 11b30802efbc46f73d07dbb7b80490e86a7799e4a3abe24b128631de15ad41b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

OSV
added 2026/02/04 2:57 p.m. (4 views)

MAL-2026-739 Malicious code in test-for-ppe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 11b30802efbc46f73d07dbb7b80490e86a7799e4a3abe24b128631de15ad41b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/04 10:24 a.m. (15 views)

Malicious code in tablescene (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75f24eaea6c977e93d35c431f9bedc66b7757fd5c5635425c28801dad3b50de9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.8 AI score
Exploits: 0, References: 3

Ubuntu
added 2026/02/04 8:27 a.m. (7 views)

USN-8010-1: pip vulnerabilities

Several security issues were discovered in the libraries bundled in pip. An attacker could possibly use these issues to perform a variety of attacks, such as denial of service or arbitrary code execution...

8.9 CVSS, 7.5 AI score, 0.01428 EPSS
Exploits: 4

OSV
added 2026/02/04 7:33 a.m. (7 views)

MAL-2026-731 Malicious code in cicd-ppe-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f1bfe5b5514b9b3a1ffad43be1f06d22faf12f031d325a9e689340c2ab16a0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/04 7:33 a.m. (7 views)

Malicious code in cicd-ppe-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f1bfe5b5514b9b3a1ffad43be1f06d22faf12f031d325a9e689340c2ab16a0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

OSV
added 2026/02/04 7:29 a.m. (3 views)

MAL-2026-732 Malicious code in gridifys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e5ce4a5dacaa769b90c359a5f03065f1d0418808b1ff366fe0d9cf6e21da4dd2 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.8 AI score
Exploits: 0, References: 3

Chainguard
added 2026/02/04 7:17 a.m. (3 views)

GHSA-RVR2-R3PV-5M4P vulnerabilities

Vulnerabilities for packages: py3-xet-core...

5.2 AI score
Exploits: 0

Tenable Nessus
added 2026/02/04 12:0 a.m. (4 views)

MiracleLinux 8 : python3-3.6.8-72.el8_10.ML.1 (AXSA:2026-133:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-133:01 advisory. cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service CVE-2025-12084 Tenable has extracted the preceding description blo...

6.3 CVSS, 5.5 AI score, 0.00696 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/02/03 11:52 a.m. (7 views)

Malicious code in serpapi-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4ca074b37aa16372f05eaf3d15abe0f987e04793af53eade69fba1ae9cb405 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/03 10:31 a.m. (7 views)

Malicious code in filespath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

5.4 AI score
Exploits: 0, References: 1

OSV
added 2026/02/03 10:31 a.m. (4 views)

MAL-2026-701 Malicious code in filespath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

5.4 AI score
Exploits: 0, References: 1