I'm a Cyber Security researcher developing PackjGuard [1]. Our tool has detected a deleted-dependency vulnerability in this repository.
The package qiskit-quantinuum-provider mentioned in file README at line 14 does not exist on the public PyPI registry. A bad actor can hijack this package name to propagate malicious code.
Not only are your apps/services vulnerable to this attack, but users of your open-source GitHub repo are also vulnerable to it.
Please highlight this in file README and register a placeholder package for qiskit-quantinuum-provider on public PyPI soon to remediate.
Thanks!
[1] PackjGuard is a GitHub app that monitors repos for malicious/vulnerable dependencies and mitigates attacks by creating pull requests for automatic remediation: https://github.com/marketplace/packjguard
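The check the report describes, written out as an added example (this is not PackjGuard's code and not part of the original issue): pull every `pip install` target out of a README, normalize the names the way PyPI does (PEP 503), and ask the registry whether each one resolves. Only the package name and the "line 14" reference come from the report; the README excerpt, the stub registry and the helper names (`extract_packages`, `find_unclaimed`, `pypi_exists`) are constructed here. The registry lookup is injected so the logic runs offline with the stub; pass the default `pypi_exists` to query the real index.

```python
"""Find README-referenced package names that are missing from PyPI.

Added example, not PackjGuard's own tooling. Parses ``pip install`` lines,
normalizes names per PEP 503, and checks each against a registry lookup.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# "pip install ...", "pip3 install ...", "python -m pip install ..." all match;
# the rest of the line is captured and split into requirement tokens.
PIP_INSTALL_RE = re.compile(r"\bpip3?\s+install\s+(.+)$")

# name, optional [extras], optional version specifier (==, >=, ~=, ...)
REQ_TOKEN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?([<>=!~].*)?$")


def normalize(name: str) -> str:
    """PEP 503: lowercase, runs of '-', '_' and '.' collapse to a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def extract_packages(readme: str) -> Dict[str, List[int]]:
    """Map each normalized install target to the README lines that reference it."""
    found: Dict[str, List[int]] = {}
    for lineno, line in enumerate(readme.splitlines(), start=1):
        m = PIP_INSTALL_RE.search(line)
        if not m:
            continue
        for tok in m.group(1).split():
            tok = tok.strip("`'\"")
            # Flags, VCS/HTTP URLs and local paths are not registry names: skip them.
            if tok.startswith("-") or "://" in tok or tok.startswith((".", "/")):
                continue
            rm = REQ_TOKEN_RE.match(tok)
            if rm:
                found.setdefault(normalize(rm.group(1)), []).append(lineno)
    return found


def pypi_exists(name: str, timeout: float = 10.0) -> bool:
    """Ask the PyPI JSON API whether a project exists; a 404 means unregistered.

    Other errors (rate limiting, outages) are raised rather than reported as
    'missing', so a transient failure never masquerades as a hijackable name.
    """
    url = f"https://pypi.org/pypi/{name}/json"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return False
        raise


def find_unclaimed(readme: str, exists: Callable[[str], bool] = pypi_exists) -> Dict[str, List[int]]:
    """README install targets that the registry does not know about."""
    return {name: lines for name, lines in extract_packages(readme).items() if not exists(name)}


# Constructed README excerpt: the package name and its position at line 14
# mirror the report above; the surrounding text is made up for the demo.
SAMPLE_README = "\n".join(
    ["# Quantinuum provider"]
    + ["(intro text)"] * 12
    + [
        "    pip install qiskit-quantinuum-provider",
        "",
        "Optional:",
        "    pip install -U qiskit[visualization]==0.45.0",
    ]
)

# Constructed stand-in for the registry so the example runs offline.
KNOWN_ON_STUB_REGISTRY = {"qiskit"}


def stub_exists(name: str) -> bool:
    return name in KNOWN_ON_STUB_REGISTRY


if __name__ == "__main__":
    for name, lines in find_unclaimed(SAMPLE_README, stub_exists).items():
        print(f"{name}: referenced at README line(s) {lines}, not found on registry")
```

Two caveats when running this against the real index: a 404 from the JSON API shows the name is unregistered right now, not that anyone is allowed to register it (PyPI reserves some names), and install lines that point at a git URL or a private index are skipped on purpose, since those do not resolve through the public registry at all.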