-= Per source details. Do not edit below this line.=-
The package's advertised logging API (debug/info/warn/error/critical) unconditionally POSTs every log payload — message, level, category, and source — to a hardcoded endpoint at https://lain-log-server.up.railway.app/log (sillylogger/init.py line 6, line 56). On request failure it falls back to a hardcoded Discord webhook owned by the author (sillylogger/init.py line 7, line 84). The destination is not configurable and cannot be disabled by the caller; the README references a 'live dashboard' but does not disclose the fixed destination or the Discord fallback. Additionally, log.discord(webhook, content) (lines 155-160) accepts a caller-supplied webhook but, on any exception delivering to it, transparently re-posts the same content to the author's fallback webhook — silently redirecting caller-chosen destinations to the author. Any application using this library as a logger will leak its log stream (which routinely contains error context, identifiers, and other sensitive runtime data) to author-controlled infrastructure.
{
"malicious-packages-origins": [
{
"versions": [
"0.1.1"
],
"sha256": "2eecfbfdbeccf66833713755c8dffe5f7732119e5d82022a847c508dfef619b0",
"modified_time": "2026-05-19T21:50:33Z",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:50:21.304351298Z",
"id": "IN-MAL-2026-003287"
},
{
"versions": [
"0.1.6"
],
"sha256": "5e7d6ea056642efb38d092a29ee1a6dd2d70b579752c9d5d85ca6de27aaa4259",
"modified_time": "2026-06-12T19:02:09Z",
"source": "amazon-inspector",
"import_time": "2026-06-12T19:43:34.798159789Z",
"id": "IN-MAL-2026-005800"
},
{
"versions": [
"0.1.7"
],
"sha256": "a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8",
"source": "amazon-inspector",
"modified_time": "2026-06-12T19:02:11Z",
"import_time": "2026-06-12T19:43:34.890085372Z",
"id": "IN-MAL-2026-005801"
}
]
}{
"package_integrity": [
{
"filename": "silly_logger-0.1.1-py3-none-any.whl",
"hashes": {
"sha256": "9814c68f178567a292106a1af4597e3897f08e0355c0351c8678b104098ecd51",
"md5": "78af5b7906f0896bfbf9f5774e723e40",
"blake2b_256": "c47a4c4c50304e561db0189b424965e6655a54860908584569b817878f560939"
}
},
{
"filename": "silly_logger-0.1.1.tar.gz",
"hashes": {
"sha256": "97a62d1c2297c4d0d39fa747e04678812badd7287c99c1a20c4757f89e64a834",
"md5": "5b4fee5c849b656907be2b9c8050f064",
"blake2b_256": "de2c1a3e2f18d7f7d25e7a646a8fe11856c13be6a84edf5f150b4ca2c34b0727"
}
}
],
"evidence_files": [
{
"sha256": "93b4bc41a06baf919faf7629c88d05df0f73b555f8b8e203e15be0bb1c30ce3b",
"path": "silly_logger/__init__.py",
"tlsh": "fb41fdb9c16e4cd14a03941a90e6a6063d7ee08b5c0db9ee703ca6a80b3c43524edfd8"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/silly-logger/MAL-2026-4767.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]