diff --git a/.github/ioc-candidates/review/osv-28940628848.json b/.github/ioc-candidates/review/osv-28940628848.json new file mode 100644 index 00000000..aca58b2e --- /dev/null +++ b/.github/ioc-candidates/review/osv-28940628848.json @@ -0,0 +1,58 @@ +[ + { + "ecosystem": "PyPI", + "ioc_type": "package_name", + "value": "instructor-mcp", + "confidence": "high", + "reason": "Malicious code in instructor-mcp (PyPI)", + "source": "https://osv.dev/vulnerability/PYSEC-2026-1069", + "first_seen": "2026-07-07", + "suggested_action": "block", + "promote_to": "watch_only", + "blacklist_id": "MAL-2026-5317", + "affected_versions": [ + "1.15.2", + "1.15.3" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "notes": "OSV-confirmed malicious package (PYSEC-2026-1069). Review affected versions before promoting to AS-008." + }, + { + "ecosystem": "PyPI", + "ioc_type": "package_name", + "value": "langchain-core-mcp", + "confidence": "high", + "reason": "Malicious code in langchain-core-mcp (PyPI)", + "source": "https://osv.dev/vulnerability/PYSEC-2026-1070", + "first_seen": "2026-07-07", + "suggested_action": "block", + "promote_to": "watch_only", + "blacklist_id": "MAL-2026-5318", + "affected_versions": [ + "1.4.2", + "1.4.3" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "notes": "OSV-confirmed malicious package (PYSEC-2026-1070). Review affected versions before promoting to AS-008." + }, + { + "ecosystem": "PyPI", + "ioc_type": "package_name", + "value": "ray-mcp-server", + "confidence": "high", + "reason": "Malicious code in ray-mcp-server (PyPI)", + "source": "https://osv.dev/vulnerability/PYSEC-2026-1074", + "first_seen": "2026-07-07", + "suggested_action": "block", + "promote_to": "watch_only", + "blacklist_id": "MAL-2026-5325", + "affected_versions": [ + "0.2.1" + ], + "action": "BLOCK", + "severity": "CRITICAL", + "notes": "OSV-confirmed malicious package (PYSEC-2026-1074). Review affected versions before promoting to AS-008." + } +]