MAL-2025-47868
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bioql/MAL-2025-47868.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-47868
- Published
- 2025-09-30T19:03:01Z
- Modified
- 2025-10-11T00:23:14Z
- Summary
- Malicious code in bioql (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (2c883d47bd0d35130e4d53d9fc0f96211a30f4a62ad8a4490431ae9a1adaed8f)
The OpenSSF Package Analysis project identified 'bioql' @ 3.0.2 (pypi) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "2c883d47bd0d35130e4d53d9fc0f96211a30f4a62ad8a4490431ae9a1adaed8f", "modified_time": "2025-09-30T19:03:01Z", "versions": [ "3.0.2" ], "import_time": "2025-09-30T19:05:28.080512103Z", "source": "ossf-package-analysis" }, { "sha256": "ff0ec93043fb5fd616ecdcaef4f3c8dde5919649bf9d78bbe8fc3caeba760e3c", "modified_time": "2025-09-30T19:03:11Z", "versions": [ "3.0.1" ], "import_time": "2025-09-30T19:05:28.175534133Z", "source": "ossf-package-analysis" }, { "sha256": "a81b1cdae13ddc3ffdef5d722c246d35ee7ed57b39abfee46cf0a6baad3d892e", "modified_time": "2025-10-03T20:07:09Z", "versions": [ "3.1.0" ], "import_time": "2025-10-03T20:35:38.667878784Z", "source": "ossf-package-analysis" }, { "sha256": "23ea70ecd58af2aa6707e25238ba7fbd08909d6cb2d391e2bf50d9b9987894da", "modified_time": "2025-10-04T03:29:44Z", "versions": [ "3.1.1" ], "import_time": "2025-10-04T03:37:57.423117831Z", "source": "ossf-package-analysis" }, { "sha256": "0a81b7d000b4c7b925388ec2a1ceebdea5589a624f37a2b591fa07720af8d546", "modified_time": "2025-10-04T15:54:31Z", "versions": [ "4.0.0" ], "import_time": "2025-10-04T16:06:09.190650805Z", "source": "ossf-package-analysis" }, { "sha256": "27bd603247be55c123acb5fa17b0b64ec7b760ca82b4fab0b3269dbdf47dad33", "modified_time": "2025-10-05T15:42:20Z", "versions": [ "5.0.4" ], "import_time": "2025-10-05T16:06:02.944331474Z", "source": "ossf-package-analysis" }, { "sha256": "2b208c9e401537a042a7692c6eee752774f1996c957ef770ce9c4236ddf0b3b2", "modified_time": "2025-10-05T17:56:01Z", "versions": [ "5.0.5" ], "import_time": "2025-10-05T18:06:57.99769383Z", "source": "ossf-package-analysis" }, { "sha256": "345b9a265c74edb69cc07e611783561a5b83cd21b642948161706d6f4f56bab4", "modified_time": "2025-10-05T23:02:09Z", "versions": [ "5.0.6" ], "import_time": "2025-10-05T23:05:18.679567844Z", "source": "ossf-package-analysis" }, { "sha256": "3eb72be2399b6815e78938713da17f171bc72b50686c5932fca306cc23ab40d1", "modified_time": "2025-10-05T23:53:59Z", "versions": [ "5.0.7" ], "import_time": "2025-10-06T00:24:15.259184101Z", "source": "ossf-package-analysis" }, { "sha256": "8693aa142bee92806c15c24ebccfe5226c0587baf01ceb6d2a0967b70cae6a41", "modified_time": "2025-10-06T01:53:33Z", "versions": [ "5.1.0" ], "import_time": "2025-10-06T02:33:16.144628303Z", "source": "ossf-package-analysis" }, { "sha256": "b3bdc46e78aec0b5392d985ef6306876770f50a2c75481e22f7fca0c32f6a698", "modified_time": "2025-10-06T01:35:50Z", "versions": [ "5.0.8" ], "import_time": "2025-10-06T02:33:16.02308017Z", "source": "ossf-package-analysis" }, { "sha256": "60623b7d85279fb2c0b8d7f534a6bf3ed6d39b32aa407faa67a1da9f97e15d1c", "modified_time": "2025-10-06T02:53:11Z", "versions": [ "5.1.1" ], "import_time": "2025-10-06T03:20:29.142483592Z", "source": "ossf-package-analysis" }, { "sha256": "ff3286a363b7348ff2428b87a0175a6a234b247349fb78d27ce953e52f93e82f", "modified_time": "2025-10-06T12:56:55Z", "versions": [ "5.2.0" ], "import_time": "2025-10-06T13:14:34.1621946Z", "source": "ossf-package-analysis" }, { "sha256": "29410e92f9ea0ae5e64f56652e5e1a60d65002c2f70d9071f11ec821b07fb3a5", "modified_time": "2025-10-06T14:43:53Z", "versions": [ "5.2.1" ], "import_time": "2025-10-06T15:06:38.610336503Z", "source": "ossf-package-analysis" }, { "sha256": "50e024767f82108ed298a4755017f39cb99aa6753fbe66eb4db26d9372b930db", "modified_time": "2025-10-06T15:26:39Z", "versions": [ "5.3.0" ], "import_time": "2025-10-06T15:35:45.496401591Z", "source": "ossf-package-analysis" }, { "sha256": "29a54e7b6bde624c0fe84024c9c73ffb0fd10e982de3b2c10f486eb14f7ae109", "modified_time": "2025-10-06T16:16:05Z", "versions": [ "5.3.1" ], "import_time": "2025-10-06T16:39:22.328857135Z", "source": "ossf-package-analysis" }, { "sha256": "f564ac669a4f1d2dad03b1591dc983b8d56188402b5c48f45a3a043726657276", "modified_time": "2025-10-06T17:44:14Z", "versions": [ "5.3.4" ], "import_time": "2025-10-06T18:08:37.673778844Z", "source": "ossf-package-analysis" }, { "sha256": "93edac1412729b67e0dc5f93ed9a8295331b00196f74d1495e0b5125e018bce8", "modified_time": "2025-10-06T19:07:55Z", "versions": [ "5.3.6" ], "import_time": "2025-10-06T19:34:39.014024779Z", "source": "ossf-package-analysis" }, { "sha256": "993f1a5389f448d35d9b20a993eb67e810b7b3be303dbf10cc73460cfe14edeb", "modified_time": "2025-10-08T01:01:05Z", "versions": [ "5.4.0" ], "import_time": "2025-10-08T01:33:45.956370781Z", "source": "ossf-package-analysis" }, { "sha256": "1029cd0330809638a339561f2fd723340961441937b89da5e618e57ecc37f9e4", "modified_time": "2025-10-08T18:21:18Z", "versions": [ "5.5.0" ], "import_time": "2025-10-08T18:42:25.229409598Z", "source": "ossf-package-analysis" }, { "sha256": "8a5648c310a062b7f6695cc36f4b500145d1eddf1bef4fc2e2470425c5005e2e", "modified_time": "2025-10-08T21:27:44Z", "versions": [ "5.5.5" ], "import_time": "2025-10-08T21:34:24.259064111Z", "source": "ossf-package-analysis" }, { "sha256": "c0c299617986962f3570daa8919c860e5c4c2562edef7f2cec5d526ec59898ad", "modified_time": "2025-10-10T16:00:03Z", "versions": [ "5.5.7" ], "import_time": "2025-10-10T16:07:31.534863059Z", "source": "ossf-package-analysis" }, { "sha256": "2a1811687bb598be3bdcf67bb13e4ef225fc1067015e4f681487e4129b80a882", "modified_time": "2025-10-10T19:57:49Z", "versions": [ "5.5.8" ], "import_time": "2025-10-10T20:06:52.013417682Z", "source": "ossf-package-analysis" }, { "sha256": "295d7c5870b7496c82db53318962714f93138f9146def1d012584b202d25bcab", "modified_time": "2025-10-10T21:40:55Z", "versions": [ "5.6.0" ], "import_time": "2025-10-10T22:05:31.868407051Z", "source": "ossf-package-analysis" }, { "sha256": "4766aeae56293f0f7a0bea0bb1a81dc46a2f43e7fa501a8c6f7271fb230074a0", "modified_time": "2025-10-10T21:39:23Z", "versions": [ "5.6.1" ], "import_time": "2025-10-10T22:05:31.599500251Z", "source": "ossf-package-analysis" }, { "sha256": "09739749453ddaedda6e966993bb362daba936383612029fc61a7900f1127b93", "modified_time": "2025-10-10T23:51:05Z", "versions": [ "5.6.2" ], "import_time": "2025-10-11T00:22:38.949575437Z", "source": "ossf-package-analysis" } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
PyPI / bioql
Package
- Name
- bioql
- View open source insights on deps.dev
- Purl
- pkg:pypi/bioql