Aggregates CVE and security vulnerability intelligence across all PyPI-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Common weakness patterns include memory corruption and buffer overflow, with potential impacts of memory corruption and application crash in production workloads.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-34501 | The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | [email protected] | 9.8 | 0.51% | 2022-07-22 | 2024-11-21 |
| CVE-2022-34500 | The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | [email protected] | 9.8 | 0.78% | 2022-07-22 | 2024-11-21 |
| CVE-2022-34056 | The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.42% | 2022-06-24 | 2024-11-21 |
| CVE-2022-34055 | The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-34054 | The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-34053 | The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-33004 | The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-33003 | The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-33002 | The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-33001 | The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.42% | 2022-06-24 | 2024-11-21 |
| CVE-2022-33000 | The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.42% | 2022-06-24 | 2024-11-21 |
| CVE-2022-32999 | The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.42% | 2022-06-24 | 2024-11-21 |
| CVE-2022-32998 | The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-32997 | The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2022-32996 | The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 0.70% | 2022-06-24 | 2024-11-21 |
| CVE-2020-15904 | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. | [email protected] | 7.8 | 0.37% | 2020-07-22 | 2024-11-21 |