This catalogue contains malicious package advisories sourced from OSV.dev, an open database of security vulnerabilities maintained by Google. The data is refreshed daily and currently tracks over 10,000 advisories.

Most advisories are for packages that were removed from PyPI before gaining significant adoption - typically typosquats or short-lived malware. Packages marked Tracked exist in the database with full download and repository statistics. Advisory IDs link directly to the full advisory on OSV.dev.

Total Advisories
Untracked Packages
Tracked Packages
Latest Advisory
Advisory ID Package Summary Published Versions Dependents
MAL-2026-6759
urlllib321 Tracked
Malicious code in urlllib321 (PyPI) 2026-07-04 2.7.0 2.7.1 No tracked dependents
MAL-2026-6758
httpprobe Tracked
Malicious code in httpprobe (PyPI) 2026-07-04 1.0.0 No tracked dependents
MAL-2026-6754
yt-api-dlp Tracked
Malicious code in yt-api-dlp (PyPI) 2026-07-04 0.1.0 0.1.1 No tracked dependents
MAL-2026-6751
bytekit Tracked
Malicious code in bytekit (PyPI) 2026-07-03 3.4.1 3.4.2 No tracked dependents
MAL-2026-6753
schemavault Tracked
Malicious code in schemavault (PyPI) 2026-07-03 4.1.0 4.1.1 No tracked dependents
MAL-2026-6752
confighub Tracked
Malicious code in confighub (PyPI) 2026-07-03 7.0.1 7.0.2 No tracked dependents
MAL-2026-6750
procwire Tracked
Malicious code in procwire (PyPI) 2026-07-03 5.2.3 5.2.5 5.2.6 +1 more No tracked dependents
MAL-2026-6749 Malicious code in ipa-user-collector (PyPI) 2026-07-03 8.5.3 No tracked dependents
MAL-2026-6748 Malicious code in haproxy-config-client (PyPI) 2026-07-03 8.5.3 No tracked dependents
MAL-2026-6734 Malicious code in horde-python-client (PyPI) 2026-07-02 99999.0.0 No tracked dependents
MAL-2026-6733 Malicious code in epic-build-scripts (PyPI) 2026-07-02 99999.0.0 No tracked dependents
MAL-2026-6735
ue-python-tools Tracked
Malicious code in ue-python-tools (PyPI) 2026-07-02 99999.0.0 No tracked dependents
MAL-2026-6736 Malicious code in unreal-mladapter (PyPI) 2026-07-02 99999.0.0 No tracked dependents
MAL-2026-6728
dt-validator Tracked
Malicious code in dt-validator (PyPI) 2026-07-02 0.3.0 No tracked dependents
PYSEC-2026-611
uprobe Tracked
Malicious code in uprobe (PyPI) 2026-07-01 0.1.3 0.1.4 No tracked dependents
PYSEC-2026-610
ufish Tracked
Malicious code in ufish (PyPI) 2026-07-01 0.1.2 0.1.3 No tracked dependents
PYSEC-2026-609
synago Tracked
Malicious code in synago (PyPI) 2026-07-01 0.1.1 0.1.2 No tracked dependents
PYSEC-2026-608 Malicious code in pantheon-toolsets (PyPI) 2026-07-01 0.5.5 0.5.6 Impacted dependencies (1)
PYSEC-2026-607
pantheon-agents Tracked
Malicious code in pantheon-agents (PyPI) 2026-07-01 0.6.1 0.6.2 Impacted dependencies (1)
MAL-2026-6724 Malicious code in starlette-healthcheck (PyPI) 2026-07-01 1.3.0 1.2.0 1.3.1 No tracked dependents
PYSEC-2026-606
okite Tracked
Malicious code in okite (PyPI) 2026-07-01 0.0.7 0.0.8 No tracked dependents
MAL-2026-6711
twrap-tool Tracked
Malicious code in twrap-tool (PyPI) 2026-07-01 1.0.0 No tracked dependents
PYSEC-2026-605
nucbox Tracked
Malicious code in nucbox (PyPI) 2026-07-01 0.1.2 0.1.3 No tracked dependents
PYSEC-2026-604
napari-ufish Tracked
Malicious code in napari-ufish (PyPI) 2026-07-01 0.0.2 0.0.3 No tracked dependents
PYSEC-2026-594
mrbios Tracked
Malicious code in mrbios (PyPI) 2026-06-30 0.1.1 0.1.2 No tracked dependents
PYSEC-2026-593
magique-ai Tracked
Malicious code in magique-ai (PyPI) 2026-06-30 0.4.4 0.4.5 No tracked dependents
PYSEC-2026-592
magique Tracked
Malicious code in magique (PyPI) 2026-06-30 0.6.8 0.6.9 No tracked dependents
PYSEC-2026-591
funcdesc Tracked
Malicious code in funcdesc (PyPI) 2026-06-30 0.2.2 0.2.3 No tracked dependents
PYSEC-2026-590
executor-http Tracked
Malicious code in executor-http (PyPI) 2026-06-30 0.1.3 0.1.4 No tracked dependents
PYSEC-2026-589
executor-engine Tracked
Malicious code in executor-engine (PyPI) 2026-06-30 0.3.4 0.3.5 Impacted dependencies (1)
PYSEC-2026-580
coolbox Tracked
Malicious code in coolbox (PyPI) 2026-06-29 0.4.1 0.4.2 No tracked dependents
PYSEC-2026-579
cmd2func Tracked
Malicious code in cmd2func (PyPI) 2026-06-29 0.2.2 0.2.3 No tracked dependents
PYSEC-2026-578
bramin Tracked
Malicious code in bramin (PyPI) 2026-06-29 0.0.2 0.0.3 0.0.4 No tracked dependents
PYSEC-2026-586
tlask Tracked
Malicious code in tlask (PyPI) 2026-06-29 3.1.3 3.1.4 No tracked dependents
PYSEC-2026-584
rlask Tracked
Malicious code in rlask (PyPI) 2026-06-29 3.1.3 3.1.4 3.1.5 +2 more No tracked dependents
PYSEC-2026-583
nhmpy Tracked
Malicious code in nhmpy (PyPI) 2026-06-29 2.4.6 2.4.7 No tracked dependents
PYSEC-2026-582
mflux-streamlit Tracked
Malicious code in mflux-streamlit (PyPI) 2026-06-29 0.0.3 0.0.4 No tracked dependents
PYSEC-2026-585
spateo-release Tracked
Malicious code in spateo-release (PyPI) 2026-06-29 1.1.2 Unimpacted dependencies (2)
PYSEC-2026-581
dynamo-release Tracked
Malicious code in dynamo-release (PyPI) 2026-06-29 1.5.4 Unimpacted dependencies (1)
MAL-2026-6593
django-bkvision Tracked
Malicious code in django-bkvision (PyPI) 2026-06-29 1.2.0 No tracked dependents
MAL-2026-6561
skillspector Tracked
Malicious code in skillspector (PyPI) 2026-06-28 0.0.1 0.0.2 0.0.3 +5 more No tracked dependents
MAL-2026-6560
tdata-grabber Tracked
Malicious code in tdata-grabber (PyPI) 2026-06-28 1.0.0 No tracked dependents
MAL-2026-6558
fsociety-tools Tracked
Malicious code in fsociety-tools (PyPI) 2026-06-28 1.0.0 1.0.1 1.0.2 No tracked dependents
MAL-2026-6557
pkg-fallback Tracked
Malicious code in pkg-fallback (PyPI) 2026-06-28 1.1.0 No tracked dependents
MAL-2026-6549 Malicious code in discord-token-generator (PyPI) 2026-06-27 1.0.0 1.0.1 1.0.2 +1 more No tracked dependents
MAL-2026-6541 Malicious code in pdf-converter-pro (PyPI) 2026-06-26 1.0.0 No tracked dependents
PYSEC-2026-236
pyphetools Tracked
Malicious code in pyphetools (PyPI) 2026-06-26 0.9.120 Impacted dependencies (1)
PYSEC-2026-235
ppkt2synergy Tracked
Malicious code in ppkt2synergy (PyPI) 2026-06-26 0.1.1 No tracked dependents
PYSEC-2026-234 Malicious code in phenopacket-store-toolkit (PyPI) 2026-06-26 0.1.7 No tracked dependents
MAL-2026-6516
inlifegram Tracked
Malicious code in inlifegram (PyPI) 2026-06-26 2.1.2.8 2.1.2.9 No tracked dependents