This catalogue contains malicious package advisories sourced from OSV.dev, an open database of security vulnerabilities maintained by Google. The data is refreshed daily and currently tracks over 10,000 advisories.

Most advisories are for packages that were removed from PyPI before gaining significant adoption — typically typosquats or short-lived malware. Packages marked Tracked exist in the database with full download and repository statistics. Advisory IDs link directly to the full advisory on OSV.dev.

Advisory ID Package Summary Published Versions