lxyeternal / pypi_malregistry
The repository has collected about 10,000 malicious PyPI packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will continue to expand the dataset. Latest update time: 07 Apr. 2025
☆95 Updated last month
Alternatives and similar repositories for pypi_malregistry
Users that are interested in pypi_malregistry are comparing it to the libraries listed below
- ☆16 Updated 11 months ago
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages ☆134 Updated 2 years ago
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages" ☆45 Updated 3 years ago
- MPHunter can detect malicious packages without explicit knowledge. ☆5 Updated last year
- This repository complements our paper by offering the training dataset, the best-performing models utilized in our real-world experiment,… ☆20 Updated 3 months ago
- MegaVul - The largest, high-quality, extensible, continuously updated, C/C++/Java vulnerability dataset ☆101 Updated 5 months ago
- A curated list of awesome resources about LLM supply chain security (including papers, security reports and CVEs) ☆76 Updated 5 months ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆211 Updated this week
- This repository contains a list of papers about software supply chain ☆29 Updated last year
- CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software ☆260 Updated 10 months ago
- Awesome Large Language Models for Vulnerability Detection ☆160 Updated this week
- CKGFuzzer: LLM-Based Fuzz Driver Generation Enhanced By Code Knowledge Graph ☆81 Updated 4 months ago
- TensorFlow API analysis tool and malicious model detection tool ☆32 Updated 3 weeks ago
- A fork of the Bandit tool with patterns to identify malicious Python code. ☆27 Updated 2 years ago
- ☠️ Ground-truth dataset for vulnerability prediction (known research datasets and data sources included such as NVD, CVE Details and OSV)… ☆93 Updated last year
- [CCS'24] An LLM-based, fully automated fuzzing tool for option combination testing. ☆82 Updated 2 months ago
- A manually vetted dataset for security vulnerability detection in Java projects ☆64 Updated last week
- ☆26 Updated last year
- ISSTA'23 - Third-party Library Dependency for Large-scale SCA in the C/C++ Ecosystem: How Far Are We? ☆30 Updated last year
- SecLLMHolmes is a generalized, fully automated, and scalable framework to systematically evaluate the performance (i.e., accuracy and rea… ☆58 Updated last month
- Vul4J: A Dataset of Reproducible Java Vulnerabilities ☆91 Updated this week
- A neurosymbolic framework for vulnerability detection in code ☆116 Updated this week
- AIBugHunter: A Practical Tool for Predicting, Classifying and Repairing Software Vulnerabilities ☆42 Updated last year
- The Artifacts for ICSE 2023 paper: Bad Snakes: Understanding and Improving Python Package Index Malware Scanning ☆12 Updated 2 years ago
- This repo lists the core literature in the field of fuzzing test, large language model, and LLM-based fuzzer. Most of papers are selected … ☆53 Updated last year
- MINER provided by the paper "MINER: A Hybrid Data-Driven Approach for REST API Fuzzing" ☆39 Updated 2 years ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages. ☆153 Updated last year
- This is a benchmark for evaluating the vulnerability discovery ability of automated approaches including Large Language Models (LLMs), de… ☆68 Updated 7 months ago
- ☆39 Updated 2 years ago
- Auto-generated CodeQL rules for matching CVE vulnerabilities and variants. ☆175 Updated 9 months ago