pypdf-fork @6.10.3
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-2999
Ecosystem
pypi
Summary
During importing the module, package sends a beacon notification to the owner. The package has no other differences from the original legitimate "pypdf". --- Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities. Campaign: 2026-04-pypdf-fork Reasons (based on the campaign): - clones-real-package
Source: kam193 (c3a651b0cc8ca7cc4fcae91ff3160af205a97d0aacacd8e88d76c04ce013bd02)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.