This catalogue contains malicious package advisories sourced from OSV.dev, an open database of security vulnerabilities maintained by Google. The data is refreshed daily and currently tracks over 10,000 advisories.
Most advisories are for packages that were removed from PyPI before gaining significant adoption - typically typosquats or short-lived malware. Packages marked Tracked exist in the database with full download and repository statistics. Advisory IDs link directly to the full advisory on OSV.dev.
Total Advisories
Untracked Packages
Tracked Packages
Latest Advisory
| Advisory ID | Package | Summary | Published | Versions | Dependents |
|---|---|---|---|---|---|
| MAL-2026-4253 |
pylogft
Tracked
|
Malicious code in pylogft (PyPI) | 2026-05-22 | 0.1.0 0.1.1 | No tracked dependents |
| MAL-2026-4231 |
pylogfmt
Tracked
|
Malicious code in pylogfmt (PyPI) | 2026-05-22 | 0.1.0 | No tracked dependents |
| MAL-2026-4227 |
lognest
Tracked
|
Malicious code in lognest (PyPI) | 2026-05-21 | 0.1.0 0.1.1 0.1.2 +2 more | No tracked dependents |
| MAL-2026-4223 |
tensor-compute
Tracked
|
Malicious code in tensor-compute (PyPI) | 2026-05-21 | 1.0.0 | No tracked dependents |
| MAL-2026-4221 |
selfservsweeper
Tracked
|
Malicious code in selfservsweeper (PyPI) | 2026-05-21 | 0.1.7 | No tracked dependents |
| MAL-2026-4201 | obs-migrate | Malicious code in obs-migrate (PyPI) | 2026-05-20 | 0.0.1 | No tracked dependents |
| MAL-2026-4195 | instal | Malicious code in instal (PyPI) | 2026-05-20 | 1.3.5 | No tracked dependents |
| MAL-2026-4194 |
libhmac
Tracked
|
Malicious code in libhmac (PyPI) | 2026-05-20 | 0.3.0 0.8.28.0 0.8.28.1 +1 more | No tracked dependents |
| MAL-2026-4183 |
openclaw-agent
Tracked
|
Malicious code in openclaw-agent (PyPI) | 2026-05-20 | 1.0.3 | No tracked dependents |
| MAL-2026-4182 |
stripe-internal
Tracked
|
Malicious code in stripe-internal (PyPI) | 2026-05-20 | 9.5.0 | No tracked dependents |
| MAL-2026-4181 |
stripe-commands
Tracked
|
Malicious code in stripe-commands (PyPI) | 2026-05-20 | 8.5.0 | No tracked dependents |
| MAL-2026-4180 |
stripe-utils
Tracked
|
Malicious code in stripe-utils (PyPI) | 2026-05-20 | 99.4.0 2.0.0 3.0.0 +5 more | No tracked dependents |
| MAL-2026-4176 |
dabrius-utils
Tracked
|
Malicious code in dabrius-utils (PyPI) | 2026-05-19 | 0.0.1 0.0.2 | No tracked dependents |
| MAL-2026-4174 |
durabletask
Tracked
|
Malicious code in durabletask (PyPI) | 2026-05-19 | 1.4.1 1.4.2 1.4.3 | Impacted dependencies (3) |
| MAL-2026-4166 |
tarpackage
Tracked
|
Malicious code in tarpackage (PyPI) | 2026-05-19 | 1.0.0 | No tracked dependents |
| MAL-2026-4163 |
vfat-ai
Tracked
|
Malicious code in vfat-ai (PyPI) | 2026-05-19 | 0.3.151 | No tracked dependents |
| MAL-2026-4162 |
vfat
Tracked
|
Malicious code in vfat (PyPI) | 2026-05-19 | 0.1.0 | No tracked dependents |
| MAL-2026-3835 |
solana-web3-alt
Tracked
|
Malicious code in solana-web3-alt (PyPI) | 2026-05-18 | 0.37.0 0.37.1 | No tracked dependents |
| MAL-2026-3834 |
foundry-utils
Tracked
|
Malicious code in foundry-utils (PyPI) | 2026-05-18 | 0.3.0 0.3.1 0.3.2 +1 more | No tracked dependents |
| MAL-2026-3829 |
pyenvprep
Tracked
|
Malicious code in pyenvprep (PyPI) | 2026-05-18 | 1.0.0 | No tracked dependents |
| MAL-2026-3805 |
netping
Tracked
|
Malicious code in netping (PyPI) | 2026-05-16 | 0.2.0 1.1.0 | No tracked dependents |
| MAL-2026-3803 |
venv-utils
Tracked
|
Malicious code in venv-utils (PyPI) | 2026-05-15 | 1.0.0 1.0.1 1.0.3 | No tracked dependents |
| MAL-2026-3746 | Malicious code in jatinangor-teleport-testing-zer0id (PyPI) | 2026-05-15 | 99.0.0 | No tracked dependents | |
| MAL-2026-3743 |
sol-batch-transfer-sdk
Tracked
|
Malicious code in sol-batch-transfer-sdk (PyPI) | 2026-05-14 | 1.0.1 1.0.2 1.0.3 +4 more | No tracked dependents |
| MAL-2026-3778 |
natazx
Tracked
|
Malicious code in natazx (PyPI) | 2026-05-14 | 0.1.2 | No tracked dependents |
| MAL-2026-3742 |
tronpath
Tracked
|
Malicious code in tronpath (PyPI) | 2026-05-14 | 0.0.1 | No tracked dependents |
| MAL-2026-3741 |
pyexecutorsme
Tracked
|
Malicious code in pyexecutorsme (PyPI) | 2026-05-14 | 0.1.0 0.1.1 0.1.2 +5 more | No tracked dependents |
| MAL-2026-3702 |
async-http-tools
Tracked
|
Malicious code in async-http-tools (PyPI) | 2026-05-13 | 0.70.125 | No tracked dependents |
| MAL-2026-3706 |
web3-helpers
Tracked
|
Malicious code in web3-helpers (PyPI) | 2026-05-13 | 0.110.234 | No tracked dependents |
| MAL-2026-3705 |
math-array-tools
Tracked
|
Malicious code in math-array-tools (PyPI) | 2026-05-13 | 0.250.211 | No tracked dependents |
| MAL-2026-3704 |
graddio
Tracked
|
Malicious code in graddio (PyPI) | 2026-05-13 | 0.226.51 | No tracked dependents |
| MAL-2026-3703 |
crypto-hash-utils
Tracked
|
Malicious code in crypto-hash-utils (PyPI) | 2026-05-13 | 0.189.129 | No tracked dependents |
| MAL-2026-3699 |
aiohttp-util
Tracked
|
Malicious code in aiohttp-util (PyPI) | 2026-05-13 | 0.68.253 | No tracked dependents |
| MAL-2026-3701 |
api-request-helpers
Tracked
|
Malicious code in api-request-helpers (PyPI) | 2026-05-13 | 0.185.132 | No tracked dependents |
| MAL-2026-3700 |
alembic-util
Tracked
|
Malicious code in alembic-util (PyPI) | 2026-05-13 | 0.189.33 | No tracked dependents |
| MAL-2026-3697 |
syntaxlogger
Tracked
|
Malicious code in syntaxlogger (PyPI) | 2026-05-13 | 0.1.0 0.1.1 0.1.2 +2 more | No tracked dependents |
| MAL-2026-3698 |
trickery
Tracked
|
Malicious code in trickery (PyPI) | 2026-05-13 | 1.0.0 1.0.1 | No tracked dependents |
| MAL-2026-3665 |
hackling
Tracked
|
Malicious code in hackling (PyPI) | 2026-05-13 | 1.0.0 1.0.2 | No tracked dependents |
| MAL-2026-3664 |
workingitmehelpit
Tracked
|
Malicious code in workingitmehelpit (PyPI) | 2026-05-13 | 1.0.0 | No tracked dependents |
| MAL-2026-3660 |
numpy-lib
Tracked
|
Malicious code in numpy-lib (PyPI) | 2026-05-13 | 0.142.132 | No tracked dependents |
| MAL-2026-3661 |
pandas-data
Tracked
|
Malicious code in pandas-data (PyPI) | 2026-05-13 | 0.0.38 | No tracked dependents |
| MAL-2026-3662 |
py-requests
Tracked
|
Malicious code in py-requests (PyPI) | 2026-05-13 | 0.41.25 | No tracked dependents |
| MAL-2026-3659 |
rich-util
Tracked
|
Malicious code in rich-util (PyPI) | 2026-05-13 | 0.218.10 | No tracked dependents |
| MAL-2026-3638 |
openai-spellcheckers
Tracked
|
Malicious code in openai-spellcheckers (PyPI) | 2026-05-13 | 1.0.0 | No tracked dependents |
| MAL-2026-3688 |
d4rktg
Tracked
|
Malicious code in d4rktg (PyPI) | 2026-05-13 | 1.2.7 | No tracked dependents |
| MAL-2026-3686 |
amino-fix
Tracked
|
Malicious code in amino-fix (PyPI) | 2026-05-13 | 2.1.8 | No tracked dependents |
| MAL-2026-3619 |
txwrap
Tracked
|
Malicious code in txwrap (PyPI) | 2026-05-12 | 1.0.0 1.0.1 | No tracked dependents |
| MAL-2026-3685 |
always-updates
Tracked
|
Malicious code in always-updates (PyPI) | 2026-05-12 | 139.2 | No tracked dependents |
| MAL-2026-3615 |
ai-spellcheckers
Tracked
|
Malicious code in ai-spellcheckers (PyPI) | 2026-05-12 | 1.0.0 | No tracked dependents |
| MAL-2026-3693 |
kaggle-runner
Tracked
|
Malicious code in kaggle-runner (PyPI) | 2026-05-12 | 0.0.2 | No tracked dependents |