{"id":"MAL-2025-191842","summary":"Malicious code in python-uvicorn (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (5396386b3e45bc2cc83befa80cc1843f6d8374728a22274ffbbc124319ddc16d)\nMalicious copy of uvicorn package with added healthcheck endpoint that exfiltrates application settings/env vars\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-07-python-uvicorn\n\n\nReasons (based on the campaign):\n\n\n - clones-real-package\n\n\n - action-hidden-in-lib-usage\n","modified":"2025-12-12T20:40:11.213188Z","published":"2025-07-16T19:16:51Z","database_specific":{"malicious-packages-origins":[{"id":"pypi/2025-07-python-uvicorn/python-uvicorn","import_time":"2025-12-02T22:30:55.494633044Z","source":"kam193","modified_time":"2025-07-16T19:16:51.35396Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"9828112ea544c22486327053a0f6d83a5cc266162c45ad7f04e7976d4957e633"},{"id":"pypi/2025-07-python-uvicorn/python-uvicorn","import_time":"2025-12-02T23:07:18.519441201Z","source":"kam193","modified_time":"2025-07-16T19:16:51.35396Z","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"sha256":"5396386b3e45bc2cc83befa80cc1843f6d8374728a22274ffbbc124319ddc16d"},{"id":"pypi/2025-07-python-uvicorn/python-uvicorn","import_time":"2025-12-10T21:38:57.738556883Z","source":"kam193","modified_time":"2025-07-16T19:16:51.35396Z","versions":["0.35.0","0.35.1","0.36.0","0.36.1"],"sha256":"38823212e4bbaa76994c242265f4194ea97d0769628a0b4b6ddf9e914c107bb8"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/python-uvicorn"}],"affected":[{"package":{"name":"python-uvicorn","ecosystem":"PyPI","purl":"pkg:pypi/python-uvicorn"},"versions":["0.35.0","0.35.1","0.36.0","0.36.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/python-uvicorn/MAL-2025-191842.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}