12 matches found
a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +1329 more potentially affected by CVE-2026-41481 via langchain-text-splitters (>=0.0.1 <=1.1.1)
langchain-text-splitters PyPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =0.1.0, =0.1.0, =1.0.0rc1, =2.6.1 and more Source cves: CVE-2026-41481 Source advisory: OSV:PYSEC-2026-77...
Malicious code in blastchamber-python-pypi (PyPI)
--- -= Per source details. Do not edit below this line.=-...
EUVD-2022-0380
Malicious code in bioql (PyPI)...
MAL-2025-6611 Malicious code in tulipgui-python (PyPI)
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
Malicious code in libpipccstudy (PyPI)
Source: checkmarx 3c57613c9f623e1878a14ac9bc02ec184c1a306b709a32361802838c5a9b785d EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
CVE-2022-42965 Exponential ReDoS in snowflake-connector-python leads to denial of service
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented getfiletransfertype method...
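As an added illustration of the bug class in this advisory (example code written for this page, not snowflake-connector-python's own code, and not its actual pattern): a nested-quantifier regex whose rejection time doubles with every extra input character, the equivalent pattern that rejects in linear time, and an input-length cap for attacker-controlled text. The pattern, the inputs and the 64-character limit are all constructed for the demonstration.

```python
import re
import time
from typing import Optional

# Constructed vulnerable pattern: nested quantifiers over the same character.
# On a string that cannot match ("aaaa...a!") the engine tries every way of
# splitting the run of "a"s between the inner and outer "+", so rejection
# costs roughly 2^n steps for n leading "a"s.
VULNERABLE = re.compile(r"^(a+)+$")

# Same language, no nested quantifier: rejection is linear in the input length.
HARDENED = re.compile(r"^a+$")

# Second control: never hand unbounded attacker-controlled input to a regex.
# The limit is an assumption chosen for this example.
MAX_INPUT_LEN = 64


def matches(pattern: "re.Pattern[str]", text: str) -> Optional[bool]:
    """True/False for a full match; None when the input is refused by the cap."""
    if len(text) > MAX_INPUT_LEN:
        return None
    return pattern.fullmatch(text) is not None


def reject_cost(pattern: "re.Pattern[str]", n: int) -> float:
    """Seconds the engine spends rejecting n 'a's followed by a '!'.

    The input is built so it never matches; that is the worst case for the
    vulnerable pattern because every split must be tried before giving up.
    """
    text = "a" * n + "!"
    start = time.perf_counter()
    if pattern.fullmatch(text) is not None:
        raise AssertionError("input was constructed to be rejected")
    return time.perf_counter() - start


if __name__ == "__main__":
    # Each extra "a" roughly doubles the vulnerable pattern's rejection time
    # while the hardened pattern stays flat. Kept small so the demo finishes.
    for n in (12, 14, 16, 18, 20):
        print(f"n={n:2d}  vulnerable={reject_cost(VULNERABLE, n):8.4f}s"
              f"  hardened={reject_cost(HARDENED, n):8.6f}s")
```

Run it and watch the left column double per two characters while the right column stays in the microseconds; extending the loop to n=30 is enough to stall a Python process for minutes, which is exactly the condition the advisory describes when the input is attacker-controlled and unbounded.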
CVE-2022-42044
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35999 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PyPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35999 Source advisory: OSV:GHSA-37JF-MJV6-XFQW...
CVE-2022-30885
The pyesasky package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2...
CVE-2021-21394 Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
Confused - Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems
A tool for checking for lingering free namespaces for private package names referenced in dependency configuration: Python (PyPI, requirements.txt), JavaScript (npm, package.json), PHP (Composer, composer.json) or Java (Maven, pom.xml). What is this all about? On 9th of February 2021, a security researcher...
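An added example of the check the listing describes, for the Python/requirements.txt case only (written for this page; it is not the Confused tool's own code): pull the project names out of a requirements file, normalise them the way the index does, and report which ones are unclaimed on the public index. The sample requirements file, the internal index URL, the "acme-" package names and the fake public index are all constructed; the live lookup function talks to PyPI's JSON API and is only used if you pass it in.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# Constructed sample requirements.txt: two public dependencies, two names that
# exist only on a fictional private index, and the --extra-index-url line that
# makes pip consult both indexes and take the highest version it finds.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
requests==2.31.0
langchain-text-splitters>=0.0.1,<=1.1.1
acme-billing-core==3.2.0      # private
acme_auth_sdk[oidc]>=1.0      # private; underscore and extras
-e git+https://git.example/acme/tools.git#egg=acme-tools
"""

# Constructed stand-in for "is this name claimed on pypi.org?": only the two
# genuinely public names are present.
FAKE_PUBLIC_INDEX = {"requests", "langchain-text-splitters"}

# Start of a requirement line: the project name, before any extras/specifier.
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> Dict[str, List[str]]:
    """Extract normalised project names and any --extra-index-url values.

    Deliberately minimal: comments are stripped, and pip options other than
    --extra-index-url (including -e editable installs) are skipped. A real
    tool would use packaging.requirements for full PEP 508 parsing.
    """
    names: List[str] = []
    extra_urls: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            extra_urls.append(line.split(None, 1)[1])
            continue
        if line.startswith("-"):
            continue
        m = _NAME.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return {"names": names, "extra_index_urls": extra_urls}


def pypi_exists(name: str) -> bool:
    """Live lookup (network): PyPI's JSON API returns 404 for an unclaimed name."""
    url = f"https://pypi.org/pypi/{name}/json"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise


def find_confusable(text: str, exists_publicly: Callable[[str], bool]) -> Dict[str, object]:
    """Names from the file that are unclaimed on the public index, plus whether
    the file enables the multi-index resolution that makes that dangerous."""
    parsed = parse_requirements(text)
    unclaimed = [n for n in parsed["names"] if not exists_publicly(n)]
    return {
        "unclaimed": unclaimed,
        "uses_extra_index_url": bool(parsed["extra_index_urls"]),
    }


if __name__ == "__main__":
    # Offline run against the fake index; pass pypi_exists for a live check.
    report = find_confusable(SAMPLE_REQUIREMENTS, lambda n: n in FAKE_PUBLIC_INDEX)
    for name in report["unclaimed"]:
        print(f"UNCLAIMED on public index: {name}")
    if report["uses_extra_index_url"]:
        print("--extra-index-url present: public and private indexes are both consulted")
```

A free name is only half the problem; the other half is the resolver behaviour that the sample's `--extra-index-url` line enables, where pip treats every configured index as equal and installs whichever offers the highest version. The mitigations a practitioner would pair with this check are to point pip at a single `--index-url` (a proxy that serves private names itself and does not fall through to PyPI for them), to register placeholder names for anything that must stay private, and to pin with `--require-hashes` so a substituted package fails to install.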