{"id":"MAL-2025-47868","summary":"Malicious code in bioql (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (2c883d47bd0d35130e4d53d9fc0f96211a30f4a62ad8a4490431ae9a1adaed8f)\nThe OpenSSF Package Analysis project identified 'bioql' @ 3.0.2 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2025-10-11T00:23:14Z","published":"2025-09-30T19:03:01Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","import_time":"2025-09-30T19:05:28.080512103Z","versions":["3.0.2"],"sha256":"2c883d47bd0d35130e4d53d9fc0f96211a30f4a62ad8a4490431ae9a1adaed8f","modified_time":"2025-09-30T19:03:01Z"},{"source":"ossf-package-analysis","import_time":"2025-09-30T19:05:28.175534133Z","versions":["3.0.1"],"sha256":"ff0ec93043fb5fd616ecdcaef4f3c8dde5919649bf9d78bbe8fc3caeba760e3c","modified_time":"2025-09-30T19:03:11Z"},{"source":"ossf-package-analysis","import_time":"2025-10-03T20:35:38.667878784Z","versions":["3.1.0"],"sha256":"a81b1cdae13ddc3ffdef5d722c246d35ee7ed57b39abfee46cf0a6baad3d892e","modified_time":"2025-10-03T20:07:09Z"},{"source":"ossf-package-analysis","import_time":"2025-10-04T03:37:57.423117831Z","versions":["3.1.1"],"sha256":"23ea70ecd58af2aa6707e25238ba7fbd08909d6cb2d391e2bf50d9b9987894da","modified_time":"2025-10-04T03:29:44Z"},{"source":"ossf-package-analysis","import_time":"2025-10-04T16:06:09.190650805Z","versions":["4.0.0"],"sha256":"0a81b7d000b4c7b925388ec2a1ceebdea5589a624f37a2b591fa07720af8d546","modified_time":"2025-10-04T15:54:31Z"},{"source":"ossf-package-analysis","import_time":"2025-10-05T16:06:02.944331474Z","versions":["5.0.4"],"sha256":"27bd603247be55c123acb5fa17b0b64ec7b760ca82b4fab0b3269dbdf47dad33","modified_time":"2025-10-05T15:42:20Z"},{"source":"ossf-package-analysis","import_time":"2025-10-05T18:06:57.99769383Z","versions":["5.0.5"],"sha256":"2b208c9e401537a042a7692c6eee752774f1996c957ef770ce9c4236ddf0b3b2","modified_time":"2025-10-05T17:56:01Z"},{"source":"ossf-package-analysis","import_time":"2025-10-05T23:05:18.679567844Z","versions":["5.0.6"],"sha256":"345b9a265c74edb69cc07e611783561a5b83cd21b642948161706d6f4f56bab4","modified_time":"2025-10-05T23:02:09Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T00:24:15.259184101Z","versions":["5.0.7"],"sha256":"3eb72be2399b6815e78938713da17f171bc72b50686c5932fca306cc23ab40d1","modified_time":"2025-10-05T23:53:59Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T02:33:16.144628303Z","versions":["5.1.0"],"sha256":"8693aa142bee92806c15c24ebccfe5226c0587baf01ceb6d2a0967b70cae6a41","modified_time":"2025-10-06T01:53:33Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T02:33:16.02308017Z","versions":["5.0.8"],"sha256":"b3bdc46e78aec0b5392d985ef6306876770f50a2c75481e22f7fca0c32f6a698","modified_time":"2025-10-06T01:35:50Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T03:20:29.142483592Z","versions":["5.1.1"],"sha256":"60623b7d85279fb2c0b8d7f534a6bf3ed6d39b32aa407faa67a1da9f97e15d1c","modified_time":"2025-10-06T02:53:11Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T13:14:34.1621946Z","versions":["5.2.0"],"sha256":"ff3286a363b7348ff2428b87a0175a6a234b247349fb78d27ce953e52f93e82f","modified_time":"2025-10-06T12:56:55Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T15:06:38.610336503Z","versions":["5.2.1"],"sha256":"29410e92f9ea0ae5e64f56652e5e1a60d65002c2f70d9071f11ec821b07fb3a5","modified_time":"2025-10-06T14:43:53Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T15:35:45.496401591Z","versions":["5.3.0"],"sha256":"50e024767f82108ed298a4755017f39cb99aa6753fbe66eb4db26d9372b930db","modified_time":"2025-10-06T15:26:39Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T16:39:22.328857135Z","versions":["5.3.1"],"sha256":"29a54e7b6bde624c0fe84024c9c73ffb0fd10e982de3b2c10f486eb14f7ae109","modified_time":"2025-10-06T16:16:05Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T18:08:37.673778844Z","versions":["5.3.4"],"sha256":"f564ac669a4f1d2dad03b1591dc983b8d56188402b5c48f45a3a043726657276","modified_time":"2025-10-06T17:44:14Z"},{"source":"ossf-package-analysis","import_time":"2025-10-06T19:34:39.014024779Z","versions":["5.3.6"],"sha256":"93edac1412729b67e0dc5f93ed9a8295331b00196f74d1495e0b5125e018bce8","modified_time":"2025-10-06T19:07:55Z"},{"source":"ossf-package-analysis","import_time":"2025-10-08T01:33:45.956370781Z","versions":["5.4.0"],"sha256":"993f1a5389f448d35d9b20a993eb67e810b7b3be303dbf10cc73460cfe14edeb","modified_time":"2025-10-08T01:01:05Z"},{"source":"ossf-package-analysis","import_time":"2025-10-08T18:42:25.229409598Z","versions":["5.5.0"],"sha256":"1029cd0330809638a339561f2fd723340961441937b89da5e618e57ecc37f9e4","modified_time":"2025-10-08T18:21:18Z"},{"source":"ossf-package-analysis","import_time":"2025-10-08T21:34:24.259064111Z","versions":["5.5.5"],"sha256":"8a5648c310a062b7f6695cc36f4b500145d1eddf1bef4fc2e2470425c5005e2e","modified_time":"2025-10-08T21:27:44Z"},{"source":"ossf-package-analysis","import_time":"2025-10-10T16:07:31.534863059Z","versions":["5.5.7"],"sha256":"c0c299617986962f3570daa8919c860e5c4c2562edef7f2cec5d526ec59898ad","modified_time":"2025-10-10T16:00:03Z"},{"source":"ossf-package-analysis","import_time":"2025-10-10T20:06:52.013417682Z","versions":["5.5.8"],"sha256":"2a1811687bb598be3bdcf67bb13e4ef225fc1067015e4f681487e4129b80a882","modified_time":"2025-10-10T19:57:49Z"},{"source":"ossf-package-analysis","import_time":"2025-10-10T22:05:31.868407051Z","versions":["5.6.0"],"sha256":"295d7c5870b7496c82db53318962714f93138f9146def1d012584b202d25bcab","modified_time":"2025-10-10T21:40:55Z"},{"source":"ossf-package-analysis","import_time":"2025-10-10T22:05:31.599500251Z","versions":["5.6.1"],"sha256":"4766aeae56293f0f7a0bea0bb1a81dc46a2f43e7fa501a8c6f7271fb230074a0","modified_time":"2025-10-10T21:39:23Z"},{"source":"ossf-package-analysis","import_time":"2025-10-11T00:22:38.949575437Z","versions":["5.6.2"],"sha256":"09739749453ddaedda6e966993bb362daba936383612029fc61a7900f1127b93","modified_time":"2025-10-10T23:51:05Z"}]},"affected":[{"package":{"name":"bioql","ecosystem":"PyPI","purl":"pkg:pypi/bioql"},"versions":["3.0.2","3.0.1","3.1.0","3.1.1","4.0.0","5.0.4","5.0.5","5.0.6","5.0.7","5.1.0","5.0.8","5.1.1","5.2.0","5.2.1","5.3.0","5.3.1","5.3.4","5.3.6","5.4.0","5.5.0","5.5.5","5.5.7","5.5.8","5.6.0","5.6.1","5.6.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bioql/MAL-2025-47868.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}