pypi

jsonschemavalidation @4.26.0

Vulnerability report · Last retrieved from osv.dev July 7, 2026 at 10:20 PM UTC

Malicious

OSV ID

MAL-2026-6945

Ecosystem

pypi

Summary

A clone of a legitimate package with an embeded reverse shell. In the published version, the reverse shell was connecting to a private IP address suggesting the package was not yet fully weaponized. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-jsonschemavalidation Reasons (based on the campaign): - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine. - clones-real-package - obfuscation

Source: kam193 (b7a6e1ff837eac0382559815111106e3e85b3825b72f38355551d5874cc24b0e)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.