Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

Malicious code in trickery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5 Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not...

MAL-2026-3664 Malicious code in workingitmehelpit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e553fe0eea72dc43eab2696330acd6fbb3e4de8c95529eab6298411620c0c9f Package installs malware identified as a backdoor or reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

DEBIAN-CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

PYSEC-2026-141

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

CVE-2026-44431

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

PYSEC-2026-164

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

UBUNTU-CVE-2026-44431

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

CVE-2026-44431

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...

Arbitrary Code Injection

Overview claude-code-cache-fix is a Cache optimization proxy and interceptor for Claude Code. Fixes prompt cache bugs, stabilizes prefix, reduces quota burn. Affected versions of this package are vulnerable to Arbitrary Code Injection via the tools/quota-statusline.sh process. An attacker can...

GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1118 more potentially affected by CVE-2026-45134 via langchain (>=0.0.100 <=0.3.3)

langchain PYPI version =0.0.100, =0.1.0, =0.1.3, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =3.2.0, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...

agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) +24 more potentially affected by CVE-2026-45134 via langchain-classic (>=1.0.0 <=1.0.4)

langchain-classic PYPI version =1.0.0, =0.1.0, =0.1.0, =0.1.0, =3.0.3, =0.1.0, =0.1.0, =0.4.0, =0.8.0, =1.10.5, =0.4.0.dev7, =0.0.1, =0.1.2 and more Source cves: CVE-2026-45134 Source advisory: SNYK:PYTHON-LANGCHAINCLASSIC-16658750...

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1492 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.10 <=0.7.38)

langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: SNYK:PYTHON-LANGSMITH-16658748...

Malicious code in numpy-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e0009e8bfad1a403632094f43e661b328b40a6f518db00b890712789e39734 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

MAL-2026-3662 Malicious code in py-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd2bd26870d2cf5df73c69bca7ed9088604eccf44727e4c59f0301cc8ccd35a Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...