pysec-2025-8
Vulnerability from pysec
Published
Modified
2025-03-17 16:35
Details

The pygments-style-solarized project was removed from PyPI by its owner on 2021-08-26. The GitHub repository was also updated to show unmaintained, and archived on 2025-08-31.

Another user uploaded a new version, 100.10.7, which contains non-working code, with clear language that it intends to be a dependency confusion attack. It also does not contain working hacking code.

The name has been prohibited on from use on PyPI on 2021-12-12.

Impacted products
Name purl
pygments-style-solarized pkg:pypi/pygments-style-solarized


To clipboard 

{
   affected: [
      {
         package: {
            ecosystem: "PyPI",
            name: "pygments-style-solarized",
            purl: "pkg:pypi/pygments-style-solarized",
         },
         versions: [
            "100.10.7",
         ],
      },
   ],
   details: "The `pygments-style-solarized` project was removed from PyPI by its owner on 2021-08-26.\nThe GitHub repository was also updated to show unmaintained, and archived on 2025-08-31.\n\nAnother user uploaded a new version, `100.10.7`, which contains non-working code,\nwith clear language that it intends to be a dependency confusion attack.\nIt also does not contain working hacking code.\n\nThe name has been prohibited on from use on PyPI on 2021-12-12.\n",
   id: "PYSEC-2025-8",
   modified: "2025-03-17T16:35:37+00:00",
   references: [
      {
         type: "EVIDENCE",
         url: "https://inspector.pypi.io/project/pygments-style-solarized/100.10.7/packages/f8/de/dc31f9eb4322bbce87fe341f9b4e2fc31587dedc785de629af3e53b1c1f5/pygments-style-solarized-100.10.7.tar.gz/pygments-style-solarized-100.10.7/pygments-style-solarized/pygments-style-solarized.py#line.1",
      },
      {
         type: "WEB",
         url: "https://github.com/shkumagai/pygments-style-solarized/pull/22/files",
      },
   ],
   summary: "After the owner removed the project from PyPI, another user uploaded a new version with non-working code",
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.