lxyeternal / pypi_malregistry
The repository has collected about 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will continue to expand the dataset. Latest update time: 07 Apr. 2025
☆86Updated 2 weeks ago
Alternatives and similar repositories for pypi_malregistry:
Users that are interested in pypi_malregistry are comparing it to the libraries listed below
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages☆132Updated 2 years ago
- ☆15Updated 9 months ago
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages"☆43Updated 3 years ago
- This repository complements our paper by offering the training dataset, the best-performing models utilized in our real-world experiment,…☆18Updated last month
- CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software☆242Updated 8 months ago
- This repository contains a list of papers about software supply chain☆27Updated 11 months ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.☆200Updated this week
- ☠️ Ground-truth dataset for vulnerability prediction (known research datasets and data sources included such as NVD, CVE Details and OSV)…☆90Updated last year
- A curated list of awesome resources about LLM supply chain security (including papers, security reports and CVEs)☆66Updated 3 months ago
- The Artifacts for ICSE 2023 paper: Bad Snakes: Understanding and Improving Python Package Index Malware Scanning☆11Updated 2 years ago
- ☆26Updated last year
- ☆38Updated 2 years ago
- ISSTA'23 - Third-party Library Dependency for Large-scale SCA in the C/C++ Ecosystem: How Far Are We?☆29Updated last year
- ☆28Updated last year
- VulZoo: A Comprehensive Vulnerability Intelligence Dataset (ASE 2024 Demo)☆41Updated last month
- Source Code Vulnerability Detection Tools(SCVDT)provides a vulnerable code database, vulnerability detection service for Java and C/C++ p…☆116Updated 3 years ago
- A fork of Bandit tool with patterns to identifying malicious python code.☆25Updated 2 years ago
- [CCS'24] An LLM-based, fully automated fuzzing tool for option combination testing.☆74Updated last week
- Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities☆67Updated 8 months ago
- A manually vetted dataset for security vulnerability detection in Java projects☆48Updated this week
- A deep learning model for localizing bugs in C/C++ source code (USENIX'23)☆150Updated last year
- YuraScanner☆40Updated 2 months ago
- A curated list of malware-related papers.☆27Updated last year
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆154Updated last year
- ☆54Updated last year
- AIBugHunter: A Practical Tool for Predicting, Classifying and Repairing Software Vulnerabilities☆40Updated last year
- SecLLMHolmes is a generalized, fully automated, and scalable framework to systematically evaluate the performance (i.e., accuracy and rea…☆55Updated 5 months ago
- The source code (including datasets) of V1SCAN (USENIX Security 2023; will be uploaded).☆40Updated last year
- 🪐 A Database of Existing Security Vulnerabilities Patches to Enable Evaluation of Techniques (single-commit; multi-language)☆38Updated last week
- ☆26Updated 7 months ago