{"id":"MAL-2026-450","summary":"Malicious code in sympy-dev (PyPI)","details":"Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package.","modified":"2026-01-22T08:48:19.485349Z","published":"2026-01-22T08:18:08Z","database_specific":{"malicious-packages-origins":null},"references":[{"type":"REPORT","url":"https://app.safedep.io/community/malysis/01KF6A8XK4K2H7DWE27QVQE6S2"}],"affected":[{"package":{"name":"sympy-dev","ecosystem":"PyPI","purl":"pkg:pypi/sympy-dev"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.2.3","1.2.4","1.2.5","1.2.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sympy-dev/MAL-2026-450.json"}}],"schema_version":"1.7.3","credits":[{"name":"SafeDep","contact":["https://safedep.io"],"type":"FINDER"}]}