MAL-2025-3741

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dial-xl/MAL-2025-3741.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-3741

Published

2025-05-10T13:41:29Z

Modified

2025-05-10T13:41:29Z

Summary

Malicious code in dial-xl (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (0febe63d78b1149e91af60c89ae73e492d43cb35f04dc6aaee2c4048987081a9)

The OpenSSF Package Analysis project identified 'dial-xl' @ 0.0.1 (pypi) as malicious.

It is considered malicious because:

The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-05-10T13:41:29Z",
            "import_time": "2025-05-12T00:25:55.382499014Z",
            "versions": [
                "0.0.1"
            ],
            "source": "ossf-package-analysis",
            "sha256": "0febe63d78b1149e91af60c89ae73e492d43cb35f04dc6aaee2c4048987081a9"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

MAL-2025-3741

Source: ossf-package-analysis (0febe63d78b1149e91af60c89ae73e492d43cb35f04dc6aaee2c4048987081a9)

Affected packages

PyPI / dial-xl

Package

Affected ranges

Affected versions

0.*