Malicious code in tprandpull (PyPI)
Source: checkmarx aa909b17dd0f40c39f60f0b75401f7888f1a2017f7192adc0564d7e148aa9e74 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4840 Malicious code in pepsplit (PyPI)
Source: checkmarx 4da9db623dc6f0644de9eee587d7ab1587e905802296f6add4d0280580187608 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in proofsplit (PyPI)
Source: checkmarx f5e0752ff733d77e383b7bb14e763b08ee5c9fc29a8f10b9da55ca6a14df3425 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in pepload (PyPI)
Source: checkmarx fb58ebee044f7f21f536125c50a358abeb172f8f891dc9b663a40a3181d3495d EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-2618 Malicious code in cpuproof (PyPI)
Source: checkmarx 6ff0ea258df7fb73a1f6dd40effeee2775cd03772038b4946a5473424fcdfc09 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4933 Malicious code in proofcraft (PyPI)
Source: checkmarx b726841057aceeb3d409d863ffdaa9ced18ee50b9051df1f4e81159493f17928 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4918 Malicious code in postproof (PyPI)
Source: checkmarx 106320efb16738aab30f01af0616bcf4d5aaf7c610284629ecce4fb9f93480c4 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in ultramask (PyPI)
Source: checkmarx 5e1e34d326430f89ca981c665a8334938ff4ddde64566d388d9c107018ac2988 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in minevm (PyPI)
Source: checkmarx ee9dbd0f5bc84888e3911fa017e3d6e4878ed247654b0f74947e2b7624db1c0d EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in postlib (PyPI)
Source: checkmarx 87ec3b16afa5c186c6b6380e174a8c2fbb8d3ef6f8613f564337979ef9f05a22 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Hardcoded credentials
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
PYSEC-2023-16
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
CVE-2023-25823
Gradio (Python library) is affected by CVE-2023-25823 in versions prior to 3.13.1, where using share links (share=True) causes a private SSH key to be sent to connected users. This can let an attacker access other users’ shared Gradio demos and, depending on exposure, perform further exploits. Th...
pyLoad js2py Python Execution
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default...
K45452200: Python-Pillow vulnerability CVE-2021-25287
Security Advisory Description: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. CVE-2021-25287. Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has evaluated th...
K75910138: Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150
Security Advisory Description: CVE-2011-1521: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service...
K54229563: Python vulnerability CVE-2010-3492
Security Advisory Description: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier...
K15905: Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
Security Advisory Description: CVE-2009-3560: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigge...
K16398: Python vulnerability CVE-2006-4980
Security Advisory Description: Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVE-2006-4980. Impact...
K57542514: Python vulnerabilities CVE-2019-9636 and CVE-2019-10160
Security Advisory Description: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The...