PYSEC-2025-72

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/num2words/PYSEC-2025-72.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-72
Aliases
Published
2025-07-31T14:52:26.947995Z
Modified
2025-08-06T04:27:26.046626Z
Summary
After a successful phishing attack, new versions of `num2words` were published containing malware.
Details

The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments.
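One way to check for the affected releases, as an added example that is not part of the advisory: it scans requirements-style text for `num2words` pins and checks the distribution installed in the current environment. The function names and the sample input are assumptions made for this sketch, and versions are compared as exact strings.

```python
import re
from importlib import metadata

PACKAGE = "num2words"
AFFECTED = {"0.5.15", "0.5.16"}  # the versions listed in this advisory

# Requirement line: name, optional [extras], then the version specifier.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#\\]*)")

def normalize(name):
    """PEP 503 normalization, so 'Num2Words' and 'num2words' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_no, status, specifier) for every num2words requirement."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        spec = m.group(2).split(" --")[0].strip()  # drop pip options such as --hash
        pin = re.fullmatch(r"===?\s*([^\s,]+)", spec)
        if pin is None or "*" in pin.group(1):
            status = "review"  # not an exact pin: check the lock file or the environment
        elif pin.group(1) in AFFECTED:
            status = "affected"
        else:
            status = "ok"
        findings.append((line_no, status, spec))
    return findings

def installed_affected():
    """Return the installed num2words version if it is an affected one, else None."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return version if version in AFFECTED else None

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.32.3
Num2Words==0.5.16 --hash=sha256:<placeholder>
# num2words==0.5.15 (commented out)
num2words>=0.5.10
num2words==0.5.14 ; python_version >= "3.8"
"""

if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE):
        print(finding)
    print("installed affected version:", installed_affected())
```

A `review` result means the line does not pin an exact version, so the resolved version has to be confirmed from a lock file or from the environment itself.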

References
Credits
    • Mike Fiedler - COORDINATOR

Affected packages

PyPI / num2words

Package

Affected ranges

Affected versions

0.*

0.5.15
0.5.16