PYSEC-2025-8
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pygments-style-solarized/PYSEC-2025-8.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2025-8
- Published
- 2025-03-17T17:49:49.186629Z
- Modified
- 2025-03-17T16:35:37Z
- Summary
- After the owner removed the project from PyPI, another user uploaded a new version with non-working code
- Details
-
The
pygments-style-solarizedproject was removed from PyPI by its owner on 2021-08-26. The GitHub repository was also updated to show unmaintained, and archived on 2025-08-31.Another user uploaded a new version,
100.10.7, which contains non-working code, with clear language that it intends to be a dependency confusion attack. It also does not contain working hacking code.The name has been prohibited on from use on PyPI on 2021-12-12.
- References
-
- https://inspector.pypi.io/project/pygments-style-solarized/100.10.7/packages/f8/de/dc31f9eb4322bbce87fe341f9b4e2fc31587dedc785de629af3e53b1c1f5/pygments-style-solarized-100.10.7.tar.gz/pygments-style-solarized-100.10.7/pygments-style-solarized/pygments-style-solarized.py#line.1
- https://github.com/shkumagai/pygments-style-solarized/pull/22/files
Affected packages
PyPI / pygments-style-solarized
Package
- Name
- pygments-style-solarized
- View open source insights on deps.dev
- Purl
- pkg:pypi/pygments-style-solarized