Supply-chain threat intelligence
Risk score
92
Indexed incident for dt-validator (pypi).
Code contains a function to execute remote code, which at the time of analysis was extracting the "auth_user" table from Django DB. The remote code execution is partially documented and disguised with multiple warnings, but a) the 'convenience function' uses a hardcoded endpoint and loads results to the global namespace, b) the warnings are silenced by default.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-dt-validator
Reasons (based on the campaign):
Downloads and executes a remote malicious script.
action-hidden-in-lib-usage
Affected versions
Indicators
Timeline