bitcommit @0.1.7
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2024-12219
Ecosystem
pypi
Summary
Packages exfiltrate the diff of the current repository. The code in "main.py" suggests it is not a real attempt to provide AI-generated commit messages, but security research attempting to leverage typosquatting.

---

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-08-old-bitcommit

Reasons (based on the campaign):
- exfiltration-generic
- typosquatting
Source: kam193 (d0e954ac7acd6af73d285edea41177ee09be01a2e14a1b4e6b195ba7e07b9515)