{"id":"MAL-2025-6794","summary":"Malicious code in num2words (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: google-open-source-security (36822c42f7e862f29cef9734efec9a9a9cc44a80e619e954dd25c12239d15767)\nThe num2words project was compromised via a phishing attack and two new\nversions were uploaded to PyPI containing malicious code.\n","aliases":["GHSA-jxr6-qrxx-2ph2","PYSEC-2025-72"],"modified":"2025-08-06T04:27:26.046626Z","published":"2025-08-06T01:01:03Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-06T01:01:03Z","versions":["0.5.15","0.5.16"],"source":"google-open-source-security","sha256":"36822c42f7e862f29cef9734efec9a9a9cc44a80e619e954dd25c12239d15767","import_time":"2025-08-06T01:07:01.055679Z"}]},"references":[{"type":"WEB","url":"https://nitter.tiekoetter.com/SFLinux/status/1949906299308953827"},{"type":"ARTICLE","url":"https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise"}],"affected":[{"package":{"name":"num2words","ecosystem":"PyPI","purl":"pkg:pypi/num2words"},"versions":["0.5.15","0.5.16"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/num2words/MAL-2025-6794.json"}}],"schema_version":"1.7.3"}