This catalogue contains malicious package advisories sourced from OSV.dev, an open database of security vulnerabilities maintained by Google. The data is refreshed daily and currently tracks over 10,000 advisories.
Most advisories are for packages that were removed from PyPI before gaining significant adoption - typically typosquats or short-lived malware. Packages marked Tracked exist in the database with full download and repository statistics. Advisory IDs link directly to the full advisory on OSV.dev.
Total Advisories
Untracked Packages
Tracked Packages
Latest Advisory
| Advisory ID | Package | Summary | Published | Versions | Dependents |
|---|---|---|---|---|---|
| MAL-2026-6759 |
urlllib321
Tracked
|
Malicious code in urlllib321 (PyPI) | 2026-07-04 | 2.7.0 2.7.1 | No tracked dependents |
| MAL-2026-6758 |
httpprobe
Tracked
|
Malicious code in httpprobe (PyPI) | 2026-07-04 | 1.0.0 | No tracked dependents |
| MAL-2026-6754 |
yt-api-dlp
Tracked
|
Malicious code in yt-api-dlp (PyPI) | 2026-07-04 | 0.1.0 0.1.1 | No tracked dependents |
| MAL-2026-6751 |
bytekit
Tracked
|
Malicious code in bytekit (PyPI) | 2026-07-03 | 3.4.1 3.4.2 | No tracked dependents |
| MAL-2026-6753 |
schemavault
Tracked
|
Malicious code in schemavault (PyPI) | 2026-07-03 | 4.1.0 4.1.1 | No tracked dependents |
| MAL-2026-6752 |
confighub
Tracked
|
Malicious code in confighub (PyPI) | 2026-07-03 | 7.0.1 7.0.2 | No tracked dependents |
| MAL-2026-6750 |
procwire
Tracked
|
Malicious code in procwire (PyPI) | 2026-07-03 | 5.2.3 5.2.5 5.2.6 +1 more | No tracked dependents |
| MAL-2026-6749 |
ipa-user-collector
Tracked
|
Malicious code in ipa-user-collector (PyPI) | 2026-07-03 | 8.5.3 | No tracked dependents |
| MAL-2026-6748 |
haproxy-config-client
Tracked
|
Malicious code in haproxy-config-client (PyPI) | 2026-07-03 | 8.5.3 | No tracked dependents |
| MAL-2026-6734 |
horde-python-client
Tracked
|
Malicious code in horde-python-client (PyPI) | 2026-07-02 | 99999.0.0 | No tracked dependents |
| MAL-2026-6733 |
epic-build-scripts
Tracked
|
Malicious code in epic-build-scripts (PyPI) | 2026-07-02 | 99999.0.0 | No tracked dependents |
| MAL-2026-6735 |
ue-python-tools
Tracked
|
Malicious code in ue-python-tools (PyPI) | 2026-07-02 | 99999.0.0 | No tracked dependents |
| MAL-2026-6736 |
unreal-mladapter
Tracked
|
Malicious code in unreal-mladapter (PyPI) | 2026-07-02 | 99999.0.0 | No tracked dependents |
| MAL-2026-6728 |
dt-validator
Tracked
|
Malicious code in dt-validator (PyPI) | 2026-07-02 | 0.3.0 | No tracked dependents |
| PYSEC-2026-611 |
uprobe
Tracked
|
Malicious code in uprobe (PyPI) | 2026-07-01 | 0.1.3 0.1.4 | No tracked dependents |
| PYSEC-2026-610 |
ufish
Tracked
|
Malicious code in ufish (PyPI) | 2026-07-01 | 0.1.2 0.1.3 | No tracked dependents |
| PYSEC-2026-609 |
synago
Tracked
|
Malicious code in synago (PyPI) | 2026-07-01 | 0.1.1 0.1.2 | No tracked dependents |
| PYSEC-2026-608 |
pantheon-toolsets
Tracked
|
Malicious code in pantheon-toolsets (PyPI) | 2026-07-01 | 0.5.5 0.5.6 | Impacted dependencies (1) |
| PYSEC-2026-607 |
pantheon-agents
Tracked
|
Malicious code in pantheon-agents (PyPI) | 2026-07-01 | 0.6.1 0.6.2 | Impacted dependencies (1) |
| MAL-2026-6724 |
starlette-healthcheck
Tracked
|
Malicious code in starlette-healthcheck (PyPI) | 2026-07-01 | 1.3.0 1.2.0 1.3.1 | No tracked dependents |
| PYSEC-2026-606 |
okite
Tracked
|
Malicious code in okite (PyPI) | 2026-07-01 | 0.0.7 0.0.8 | No tracked dependents |
| MAL-2026-6711 |
twrap-tool
Tracked
|
Malicious code in twrap-tool (PyPI) | 2026-07-01 | 1.0.0 | No tracked dependents |
| PYSEC-2026-605 |
nucbox
Tracked
|
Malicious code in nucbox (PyPI) | 2026-07-01 | 0.1.2 0.1.3 | No tracked dependents |
| PYSEC-2026-604 |
napari-ufish
Tracked
|
Malicious code in napari-ufish (PyPI) | 2026-07-01 | 0.0.2 0.0.3 | No tracked dependents |
| PYSEC-2026-594 |
mrbios
Tracked
|
Malicious code in mrbios (PyPI) | 2026-06-30 | 0.1.1 0.1.2 | No tracked dependents |
| PYSEC-2026-593 |
magique-ai
Tracked
|
Malicious code in magique-ai (PyPI) | 2026-06-30 | 0.4.4 0.4.5 | No tracked dependents |
| PYSEC-2026-592 |
magique
Tracked
|
Malicious code in magique (PyPI) | 2026-06-30 | 0.6.8 0.6.9 | No tracked dependents |
| PYSEC-2026-591 |
funcdesc
Tracked
|
Malicious code in funcdesc (PyPI) | 2026-06-30 | 0.2.2 0.2.3 | No tracked dependents |
| PYSEC-2026-590 |
executor-http
Tracked
|
Malicious code in executor-http (PyPI) | 2026-06-30 | 0.1.3 0.1.4 | No tracked dependents |
| PYSEC-2026-589 |
executor-engine
Tracked
|
Malicious code in executor-engine (PyPI) | 2026-06-30 | 0.3.4 0.3.5 | Impacted dependencies (1) |
| PYSEC-2026-580 |
coolbox
Tracked
|
Malicious code in coolbox (PyPI) | 2026-06-29 | 0.4.1 0.4.2 | No tracked dependents |
| PYSEC-2026-579 |
cmd2func
Tracked
|
Malicious code in cmd2func (PyPI) | 2026-06-29 | 0.2.2 0.2.3 | No tracked dependents |
| PYSEC-2026-578 |
bramin
Tracked
|
Malicious code in bramin (PyPI) | 2026-06-29 | 0.0.2 0.0.3 0.0.4 | No tracked dependents |
| PYSEC-2026-586 |
tlask
Tracked
|
Malicious code in tlask (PyPI) | 2026-06-29 | 3.1.3 3.1.4 | No tracked dependents |
| PYSEC-2026-584 |
rlask
Tracked
|
Malicious code in rlask (PyPI) | 2026-06-29 | 3.1.3 3.1.4 3.1.5 +2 more | No tracked dependents |
| PYSEC-2026-583 |
nhmpy
Tracked
|
Malicious code in nhmpy (PyPI) | 2026-06-29 | 2.4.6 2.4.7 | No tracked dependents |
| PYSEC-2026-582 |
mflux-streamlit
Tracked
|
Malicious code in mflux-streamlit (PyPI) | 2026-06-29 | 0.0.3 0.0.4 | No tracked dependents |
| PYSEC-2026-585 |
spateo-release
Tracked
|
Malicious code in spateo-release (PyPI) | 2026-06-29 | 1.1.2 | Unimpacted dependencies (2) |
| PYSEC-2026-581 |
dynamo-release
Tracked
|
Malicious code in dynamo-release (PyPI) | 2026-06-29 | 1.5.4 | Unimpacted dependencies (1) |
| MAL-2026-6593 |
django-bkvision
Tracked
|
Malicious code in django-bkvision (PyPI) | 2026-06-29 | 1.2.0 | No tracked dependents |
| MAL-2026-6561 |
skillspector
Tracked
|
Malicious code in skillspector (PyPI) | 2026-06-28 | 0.0.1 0.0.2 0.0.3 +5 more | No tracked dependents |
| MAL-2026-6560 |
tdata-grabber
Tracked
|
Malicious code in tdata-grabber (PyPI) | 2026-06-28 | 1.0.0 | No tracked dependents |
| MAL-2026-6558 |
fsociety-tools
Tracked
|
Malicious code in fsociety-tools (PyPI) | 2026-06-28 | 1.0.0 1.0.1 1.0.2 | No tracked dependents |
| MAL-2026-6557 |
pkg-fallback
Tracked
|
Malicious code in pkg-fallback (PyPI) | 2026-06-28 | 1.1.0 | No tracked dependents |
| MAL-2026-6549 |
discord-token-generator
Tracked
|
Malicious code in discord-token-generator (PyPI) | 2026-06-27 | 1.0.0 1.0.1 1.0.2 +1 more | No tracked dependents |
| MAL-2026-6541 |
pdf-converter-pro
Tracked
|
Malicious code in pdf-converter-pro (PyPI) | 2026-06-26 | 1.0.0 | No tracked dependents |
| PYSEC-2026-236 |
pyphetools
Tracked
|
Malicious code in pyphetools (PyPI) | 2026-06-26 | 0.9.120 | Impacted dependencies (1) |
| PYSEC-2026-235 |
ppkt2synergy
Tracked
|
Malicious code in ppkt2synergy (PyPI) | 2026-06-26 | 0.1.1 | No tracked dependents |
| PYSEC-2026-234 |
phenopacket-store-toolkit
Tracked
|
Malicious code in phenopacket-store-toolkit (PyPI) | 2026-06-26 | 0.1.7 | No tracked dependents |
| MAL-2026-6516 |
inlifegram
Tracked
|
Malicious code in inlifegram (PyPI) | 2026-06-26 | 2.1.2.8 2.1.2.9 | No tracked dependents |