nflx-metaflow @1.0.2
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2025-1984
Ecosystem
pypi
Summary
Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the same uploader use confusing names, clearly suggesting the intention to harvest data from unintentional installations.
---
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2025-02-pxz
Reasons (based on the campaign):
- The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
- typosquatting
Source: kam193 (1d317c47382e978342b2098c06b1d0ff46acfefdc5a5ed6ce2b531b1f5b24fe4)