ossf
diff --git a/‎osv/malicious/.id-allocator‎
Lines changed: 1 addition & 1 deletion b/‎osv/malicious/.id-allocator‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎…ks/MAL-0000-kam193-734e78214abbde69.json‎ ‎…s/pypi/aristanetworks/MAL-2026-2173.json‎osv/malicious/pypi/aristanetworks/MAL-0000-kam193-734e78214abbde69.json renamed to osv/malicious/pypi/aristanetworks/MAL-2026-2173.json
Lines changed: 6 additions & 6 deletions b/‎…ks/MAL-0000-kam193-734e78214abbde69.json‎ ‎…s/pypi/aristanetworks/MAL-2026-2173.json‎osv/malicious/pypi/aristanetworks/MAL-0000-kam193-734e78214abbde69.json renamed to osv/malicious/pypi/aristanetworks/MAL-2026-2173.json
Lines changed: 6 additions & 6 deletions
diff --git a/‎…rd/MAL-0000-kam193-83ca35f9b1e5fc77.json‎ ‎…s/pypi/batch-shipyard/MAL-2026-2174.json‎osv/malicious/pypi/batch-shipyard/MAL-0000-kam193-83ca35f9b1e5fc77.json renamed to osv/malicious/pypi/batch-shipyard/MAL-2026-2174.json
Lines changed: 6 additions & 6 deletions b/‎…rd/MAL-0000-kam193-83ca35f9b1e5fc77.json‎ ‎…s/pypi/batch-shipyard/MAL-2026-2174.json‎osv/malicious/pypi/batch-shipyard/MAL-0000-kam193-83ca35f9b1e5fc77.json renamed to osv/malicious/pypi/batch-shipyard/MAL-2026-2174.json
Lines changed: 6 additions & 6 deletions
diff --git a/‎…ch/MAL-0000-kam193-b2532cd269873dbd.json‎ ‎…pypi/facebookresearch/MAL-2026-2175.json‎osv/malicious/pypi/facebookresearch/MAL-0000-kam193-b2532cd269873dbd.json renamed to osv/malicious/pypi/facebookresearch/MAL-2026-2175.json
Lines changed: 6 additions & 6 deletions b/‎…ch/MAL-0000-kam193-b2532cd269873dbd.json‎ ‎…pypi/facebookresearch/MAL-2026-2175.json‎osv/malicious/pypi/facebookresearch/MAL-0000-kam193-b2532cd269873dbd.json renamed to osv/malicious/pypi/facebookresearch/MAL-2026-2175.json
Lines changed: 6 additions & 6 deletions
diff --git a/‎osv/malicious/pypi/fairness-bias/MAL-0000-kam193-c76439565a70fd01.json‎
Lines changed: 0 additions & 49 deletions b/‎osv/malicious/pypi/fairness-bias/MAL-0000-kam193-c76439565a70fd01.json‎
Lines changed: 0 additions & 49 deletions
diff --git a/‎osv/malicious/pypi/fairness-bias/MAL-2026-2170.json‎
Lines changed: 28 additions & 4 deletions b/‎osv/malicious/pypi/fairness-bias/MAL-2026-2170.json‎
Lines changed: 28 additions & 4 deletions
diff --git a/‎osv/malicious/pypi/globally/MAL-0000-kam193-1f2d16dd9f9dc8f8.json‎
Lines changed: 0 additions & 49 deletions b/‎osv/malicious/pypi/globally/MAL-0000-kam193-1f2d16dd9f9dc8f8.json‎
Lines changed: 0 additions & 49 deletions
diff --git a/‎osv/malicious/pypi/globally/MAL-2026-2171.json‎
Lines changed: 28 additions & 4 deletions b/‎osv/malicious/pypi/globally/MAL-2026-2171.json‎
Lines changed: 28 additions & 4 deletions
diff --git a/‎…to/MAL-0000-kam193-0bdb202529b567cd.json‎ ‎…/malicious/pypi/kusto/MAL-2026-2176.json‎osv/malicious/pypi/kusto/MAL-0000-kam193-0bdb202529b567cd.json renamed to osv/malicious/pypi/kusto/MAL-2026-2176.json
Lines changed: 6 additions & 6 deletions b/‎…to/MAL-0000-kam193-0bdb202529b567cd.json‎ ‎…/malicious/pypi/kusto/MAL-2026-2176.json‎osv/malicious/pypi/kusto/MAL-0000-kam193-0bdb202529b567cd.json renamed to osv/malicious/pypi/kusto/MAL-2026-2176.json
Lines changed: 6 additions & 6 deletions
@@ -1 +1 @@
-48978a1e15668b78419469ee2dc5d7cb5e8d43a92907e03c739ac77f5f907e13
+7f23d3c18d0764dabdbad9027334769511cd25037be2c8201b048dcc002b2c5d
@@ -2,9 +2,9 @@
   "modified": "2026-03-25T05:04:39Z",
   "published": "2026-03-25T05:04:39Z",
   "schema_version": "1.7.4",
-  "id": "",
-  "summary": "Pentesting or research code in aristanetworks (PyPI)",
-  "details": "Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n",
+  "id": "MAL-2026-2173",
+  "summary": "Malicious code in aristanetworks (PyPI)",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (734e78214abbde694d6041663ec7e34bb9f31c9265856540de7a1c0a8ffe5e33)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n",
   "affected": [
     {
       "package": {
@@ -35,11 +35,11 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "734e78214abbde694d6041663ec7e34bb9f31c9265856540de7a1c0a8ffe5e33",
-        "import_time": "2026-03-25T05:52:35.046444742Z",
         "id": "pypi/GENERIC-standard-pypi-install-pentest/aristanetworks",
+        "import_time": "2026-03-25T05:52:35.046444742Z",
         "modified_time": "2026-03-25T05:04:39.902614Z",
+        "sha256": "734e78214abbde694d6041663ec7e34bb9f31c9265856540de7a1c0a8ffe5e33",
+        "source": "kam193",
         "versions": [
           "99.0.0"
         ]
 
@@ -2,9 +2,9 @@
   "modified": "2026-03-25T05:04:42Z",
   "published": "2026-03-25T05:04:42Z",
   "schema_version": "1.7.4",
-  "id": "",
-  "summary": "Pentesting or research code in batch-shipyard (PyPI)",
-  "details": "Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n",
+  "id": "MAL-2026-2174",
+  "summary": "Malicious code in batch-shipyard (PyPI)",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (83ca35f9b1e5fc77913037dde16ad175609dddc219e613c9dae7f752b112568f)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n",
   "affected": [
     {
       "package": {
@@ -35,11 +35,11 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "83ca35f9b1e5fc77913037dde16ad175609dddc219e613c9dae7f752b112568f",
-        "import_time": "2026-03-25T05:52:35.047920775Z",
         "id": "pypi/GENERIC-standard-pypi-install-pentest/batch-shipyard",
+        "import_time": "2026-03-25T05:52:35.047920775Z",
         "modified_time": "2026-03-25T05:04:42.355649Z",
+        "sha256": "83ca35f9b1e5fc77913037dde16ad175609dddc219e613c9dae7f752b112568f",
+        "source": "kam193",
         "versions": [
           "99.0.0"
         ]
 
@@ -2,9 +2,9 @@
   "modified": "2026-03-25T05:07:03Z",
   "published": "2026-03-25T05:06:56Z",
   "schema_version": "1.7.4",
-  "id": "",
-  "summary": "Pentesting or research code in facebookresearch (PyPI)",
-  "details": "Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n",
+  "id": "MAL-2026-2175",
+  "summary": "Malicious code in facebookresearch (PyPI)",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (b2532cd269873dbda78f99b9e22ab736c64c48ba32fa5c27deaf173fdbf33397)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n",
   "affected": [
     {
       "package": {
@@ -35,11 +35,11 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "b2532cd269873dbda78f99b9e22ab736c64c48ba32fa5c27deaf173fdbf33397",
-        "import_time": "2026-03-25T05:52:35.048743416Z",
         "id": "pypi/GENERIC-standard-pypi-install-pentest/facebookresearch",
+        "import_time": "2026-03-25T05:52:35.048743416Z",
         "modified_time": "2026-03-25T05:07:03.335391Z",
+        "sha256": "b2532cd269873dbda78f99b9e22ab736c64c48ba32fa5c27deaf173fdbf33397",
+        "source": "kam193",
         "versions": [
           "99.0.0"
         ]
 
@@ -1,10 +1,10 @@
 {
-  "modified": "2026-03-25T05:05:53Z",
+  "modified": "2026-03-25T05:54:06Z",
   "published": "2026-03-25T05:05:53Z",
   "schema_version": "1.7.4",
   "id": "MAL-2026-2170",
   "summary": "Malicious code in fairness-bias (PyPI)",
-  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (335b61ea467900506b7c9ab231d39902730c0c23c3b48c9292fd137ddd5d107c)\nThe OpenSSF Package Analysis project identified 'fairness-bias' @ 99.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (c76439565a70fd014098388baf5dd9a679f90be992102ba689fc0b7d6d3db352)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (335b61ea467900506b7c9ab231d39902730c0c23c3b48c9292fd137ddd5d107c)\nThe OpenSSF Package Analysis project identified 'fairness-bias' @ 99.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
   "affected": [
     {
       "package": {
@@ -16,7 +16,21 @@
       ]
     }
   ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/fairness-bias"
+    }
+  ],
   "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    },
     {
       "name": "OpenSSF: Package Analysis",
       "type": "FINDER",
@@ -29,10 +43,20 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
+        "source": "ossf-package-analysis",
+        "sha256": "335b61ea467900506b7c9ab231d39902730c0c23c3b48c9292fd137ddd5d107c",
         "import_time": "2026-03-25T05:08:01.309908366Z",
         "modified_time": "2026-03-25T05:05:53Z",
-        "sha256": "335b61ea467900506b7c9ab231d39902730c0c23c3b48c9292fd137ddd5d107c",
-        "source": "ossf-package-analysis",
+        "versions": [
+          "99.0.0"
+        ]
+      },
+      {
+        "source": "kam193",
+        "sha256": "c76439565a70fd014098388baf5dd9a679f90be992102ba689fc0b7d6d3db352",
+        "import_time": "2026-03-25T05:52:35.049677585Z",
+        "id": "pypi/GENERIC-standard-pypi-install-pentest/fairness-bias",
+        "modified_time": "2026-03-25T05:07:03.893401Z",
         "versions": [
           "99.0.0"
         ]
 
@@ -1,10 +1,10 @@
 {
-  "modified": "2026-03-25T05:05:53Z",
+  "modified": "2026-03-25T05:54:06Z",
   "published": "2026-03-25T05:05:53Z",
   "schema_version": "1.7.4",
   "id": "MAL-2026-2171",
   "summary": "Malicious code in globally (PyPI)",
-  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (1444bc708fc8eb7cf1d9fafa94e92cb898e12dd7d7e51696c77784d52e8c90a0)\nThe OpenSSF Package Analysis project identified 'globally' @ 99.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (1f2d16dd9f9dc8f8c54504946e96b931fab9f6c893012e17b0c03dd531c49f5b)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (1444bc708fc8eb7cf1d9fafa94e92cb898e12dd7d7e51696c77784d52e8c90a0)\nThe OpenSSF Package Analysis project identified 'globally' @ 99.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
   "affected": [
     {
       "package": {
@@ -16,7 +16,21 @@
       ]
     }
   ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/globally"
+    }
+  ],
   "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    },
     {
       "name": "OpenSSF: Package Analysis",
       "type": "FINDER",
@@ -29,10 +43,20 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
+        "source": "ossf-package-analysis",
+        "sha256": "1444bc708fc8eb7cf1d9fafa94e92cb898e12dd7d7e51696c77784d52e8c90a0",
         "import_time": "2026-03-25T05:08:01.429036984Z",
         "modified_time": "2026-03-25T05:05:53Z",
-        "sha256": "1444bc708fc8eb7cf1d9fafa94e92cb898e12dd7d7e51696c77784d52e8c90a0",
-        "source": "ossf-package-analysis",
+        "versions": [
+          "99.0.0"
+        ]
+      },
+      {
+        "source": "kam193",
+        "sha256": "1f2d16dd9f9dc8f8c54504946e96b931fab9f6c893012e17b0c03dd531c49f5b",
+        "import_time": "2026-03-25T05:52:35.05048674Z",
+        "id": "pypi/GENERIC-standard-pypi-install-pentest/globally",
+        "modified_time": "2026-03-25T05:09:10.186904Z",
         "versions": [
           "99.0.0"
         ]
 
@@ -2,9 +2,9 @@
   "modified": "2026-03-25T05:04:47Z",
   "published": "2026-03-25T05:04:47Z",
   "schema_version": "1.7.4",
-  "id": "",
-  "summary": "Pentesting or research code in kusto (PyPI)",
-  "details": "Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n",
+  "id": "MAL-2026-2176",
+  "summary": "Malicious code in kusto (PyPI)",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (0bdb202529b567cdcf3b62e44352186db2cb5defbfbfec0e7646a684838e08d7)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research \u0026 co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n",
   "affected": [
     {
       "package": {
@@ -35,11 +35,11 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "0bdb202529b567cdcf3b62e44352186db2cb5defbfbfec0e7646a684838e08d7",
-        "import_time": "2026-03-25T05:52:35.051211961Z",
         "id": "pypi/GENERIC-standard-pypi-install-pentest/kusto",
+        "import_time": "2026-03-25T05:52:35.051211961Z",
         "modified_time": "2026-03-25T05:04:47.699686Z",
+        "sha256": "0bdb202529b567cdcf3b62e44352186db2cb5defbfbfec0e7646a684838e08d7",
+        "source": "kam193",
         "versions": [
           "99.0.0"
         ]
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-48978a1e15668b78419469ee2dc5d7cb5e8d43a92907e03c739ac77f5f907e13`
	`1`	`+7f23d3c18d0764dabdbad9027334769511cd25037be2c8201b048dcc002b2c5d`