MAL-2026-450

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sympy-dev/MAL-2026-450.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-450

Published

2026-01-22T08:18:08Z

Modified

2026-01-22T08:48:19.485349Z

Summary

Malicious code in sympy-dev (PyPI)

Details

Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package.

Database specific

{
    "malicious-packages-origins": null
}

References

https://app.safedep.io/community/malysis/01KF6A8XK4K2H7DWE27QVQE6S2

Credits

- SafeDep - FINDER
- - https://safedep.io

Affected packages

PyPI / sympy-dev

Package

Name: sympy-dev; View open source insights on deps.dev
Purl: pkg:pypi/sympy-dev

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.3

1.2.4

1.2.5

1.2.6

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sympy-dev/MAL-2026-450.json"