Supply-chain threat intelligence

Incident detail

criticalpypi·malware·osv

Malicious code in dt-validator (PyPI)

dt-validator

Risk score

92

AI summary

Indexed incident for dt-validator (pypi).

Description

Code contains a function to execute remote code, which at the time of analysis was extracting the "auth_user" table from Django DB. The remote code execution is partially documented and disguised with multiple warnings, but a) the 'convenience function' uses a hardcoded endpoint and loads results to the global namespace, b) the warnings are silenced by default.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-dt-validator

Reasons (based on the campaign):

  • Downloads and executes a remote malicious script.

  • action-hidden-in-lib-usage

Technical details

Affected versions

=0.3.0

Indicators

  • affected version=0.3.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents