MAL-2026-1488

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/codeshouhu/MAL-2026-1488.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-1488

Published

2026-03-16T18:00:09Z

Modified

2026-03-17T00:31:35.588438Z

Summary

Malicious code in codeshouhu (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: oracle-using-macaron (4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c)

This package runs a malicious payload when it is imported.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c",
            "source": "oracle-using-macaron",
            "modified_time": "2026-03-16T18:00:09Z",
            "versions": [
                "0.1.3",
                "0.1.4",
                "0.1.5",
                "0.1.6",
                "0.1.7",
                "0.1.8",
                "0.1.9",
                "0.2.0",
                "0.2.1",
                "0.2.2"
            ],
            "import_time": "2026-03-16T18:00:09Z"
        }
    ]
}

References

Credits

- Oracle using Macaron - FINDER
- - https://github.com/oracle/macaron

Affected packages

PyPI / codeshouhu

Package

Name: codeshouhu; View open source insights on deps.dev
Purl: pkg:pypi/codeshouhu

Affected ranges

Affected versions

0.*

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.1

0.2.2

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/codeshouhu/MAL-2026-1488.json"