Logo
pypi

gunicorm @0.0.1

Vulnerability report · Last retrieved from osv.dev June 24, 2026 at 12:37 PM UTC

Malicious

OSV ID

MAL-2026-6383

Ecosystem

pypi

Summary

During installation, the package exfiltrates env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-ip-rotat Reasons (based on the campaign): - The package overrides the install command in setup.py to execute malicious code during installation. - exfiltration-env-variables - typosquatting

Source: kam193 (91d6bdf640b4cf2b87b464dda65ce3242f4c5c1840f568f0c6b953857c56df57)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.

SEE HACKTRON REVIEW → SCAN DEPENDENCIES