MAL-2026-627

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/theanswre/MAL-2026-627.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-627

Published

2026-01-29T13:57:51Z

Modified

2026-02-02T01:49:40.636991Z

Summary

Malicious code in theanswre (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (3a5007e2f06a55345366f95d0073e9980436e74745540a4e9b43c8a1836c4bef)

The OpenSSF Package Analysis project identified 'theanswre' @ 0.2.4 (pypi) as malicious.

It is considered malicious because:

The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2026-02-02T01:38:39.653421019Z",
            "sha256": "3a5007e2f06a55345366f95d0073e9980436e74745540a4e9b43c8a1836c4bef",
            "source": "ossf-package-analysis",
            "modified_time": "2026-01-29T14:41:15Z",
            "versions": [
                "0.2.4"
            ]
        },
        {
            "import_time": "2026-02-02T01:38:39.578136722Z",
            "sha256": "45dbf5bdf840fa0173344518444d39fdecff9be094deced8fb707355c6769abb",
            "source": "ossf-package-analysis",
            "modified_time": "2026-01-29T14:41:05Z",
            "versions": [
                "0.2.3"
            ]
        },
        {
            "import_time": "2026-02-02T01:38:39.757836376Z",
            "sha256": "b528f70fd22d5513eef745a42f18284c9f22d8284406c869db3dbb9e1b9883bc",
            "source": "ossf-package-analysis",
            "modified_time": "2026-01-29T15:15:41Z",
            "versions": [
                "0.2.5"
            ]
        },
        {
            "import_time": "2026-02-02T01:38:39.309837224Z",
            "sha256": "b8cfa9a09ba99e34481fa5749728bf1dda88c17257861e91364919b13b5f986e",
            "source": "ossf-package-analysis",
            "modified_time": "2026-01-29T13:57:51Z",
            "versions": [
                "0.2.2"
            ]
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

PyPI / theanswre

Package

Name: theanswre; View open source insights on deps.dev
Purl: pkg:pypi/theanswre

Affected ranges

Affected versions

0.*

0.2.2

0.2.3

0.2.4

0.2.5

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/theanswre/MAL-2026-627.json"