Assign IDs

github-actions · github-actions · commit da60ca2d9385 · 2025-12-07T01:37:48.000Z
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
@@ -1 +1 @@
-bdc5e9b5610d87f4272a6dbc6a130981aa1a3d4bf8cfe89c8729455d76794299
+bc94d38534adf8d8dac6b4f47882a904c7f638f9373d9098be86c6637655a2bd
diff --git a/osv/malicious/pypi/blank-lib/MAL-2025-192364.json b/osv/malicious/pypi/blank-lib/MAL-2025-192364.json
@@ -2,9 +2,9 @@
   "modified": "2025-12-07T01:03:47Z",
   "published": "2025-12-07T00:40:43Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2025-192364",
   "summary": "Malicious code in blank-lib (PyPI)",
-  "details": "This is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-blank-lib\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - infostealer:blankgrabber\n\n\n - clones-real-package\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - exfiltration-credentials\n\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb)\nThis is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-blank-lib\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - infostealer:blankgrabber\n\n\n - clones-real-package\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - exfiltration-credentials\n",
   "affected": [
     {
       "package": {
@@ -36,11 +36,11 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb",
-        "import_time": "2025-12-07T01:35:44.731111152Z",
         "id": "pypi/2025-12-blank-lib/blank-lib",
+        "import_time": "2025-12-07T01:35:44.731111152Z",
         "modified_time": "2025-12-07T01:03:47.110526Z",
+        "sha256": "96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb",
+        "source": "kam193",
         "versions": [
           "0.0.8",
           "0.0.9"
diff --git a/osv/malicious/pypi/python-tg-bot/MAL-2025-192365.json b/osv/malicious/pypi/python-tg-bot/MAL-2025-192365.json
@@ -2,9 +2,9 @@
   "modified": "2025-12-07T00:50:39Z",
   "published": "2025-12-07T00:50:39Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2025-192365",
   "summary": "Malicious code in python-tg-bot (PyPI)",
-  "details": "During importing, a dependency with infostealer is loaded and package attempts to exfiltrate credentials.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-blank-lib\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - infostealer:blankgrabber\n\n\n - clones-real-package\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - exfiltration-credentials\n\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2)\nDuring importing, a dependency with infostealer is loaded and package attempts to exfiltrate credentials.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-blank-lib\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - infostealer:blankgrabber\n\n\n - clones-real-package\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - exfiltration-credentials\n",
   "affected": [
     {
       "package": {
@@ -36,11 +36,11 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2",
-        "import_time": "2025-12-07T01:35:44.733391151Z",
         "id": "pypi/2025-12-blank-lib/python-tg-bot",
+        "import_time": "2025-12-07T01:35:44.733391151Z",
         "modified_time": "2025-12-07T00:50:39.178299Z",
+        "sha256": "5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2",
+        "source": "kam193",
         "versions": [
           "22.5.1",
           "22.5"

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-bdc5e9b5610d87f4272a6dbc6a130981aa1a3d4bf8cfe89c8729455d76794299`
	`1`	`+bc94d38534adf8d8dac6b4f47882a904c7f638f9373d9098be86c6637655a2bd`