{"id":"MAL-2026-627","summary":"Malicious code in theanswre (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3a5007e2f06a55345366f95d0073e9980436e74745540a4e9b43c8a1836c4bef)\nThe OpenSSF Package Analysis project identified 'theanswre' @ 0.2.4 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-02-02T01:49:40.636991Z","published":"2026-01-29T13:57:51Z","database_specific":{"malicious-packages-origins":[{"sha256":"3a5007e2f06a55345366f95d0073e9980436e74745540a4e9b43c8a1836c4bef","source":"ossf-package-analysis","modified_time":"2026-01-29T14:41:15Z","versions":["0.2.4"],"import_time":"2026-02-02T01:38:39.653421019Z"},{"sha256":"45dbf5bdf840fa0173344518444d39fdecff9be094deced8fb707355c6769abb","source":"ossf-package-analysis","modified_time":"2026-01-29T14:41:05Z","versions":["0.2.3"],"import_time":"2026-02-02T01:38:39.578136722Z"},{"sha256":"b528f70fd22d5513eef745a42f18284c9f22d8284406c869db3dbb9e1b9883bc","source":"ossf-package-analysis","modified_time":"2026-01-29T15:15:41Z","versions":["0.2.5"],"import_time":"2026-02-02T01:38:39.757836376Z"},{"sha256":"b8cfa9a09ba99e34481fa5749728bf1dda88c17257861e91364919b13b5f986e","source":"ossf-package-analysis","modified_time":"2026-01-29T13:57:51Z","versions":["0.2.2"],"import_time":"2026-02-02T01:38:39.309837224Z"}]},"affected":[{"package":{"name":"theanswre","ecosystem":"PyPI","purl":"pkg:pypi/theanswre"},"versions":["0.2.4","0.2.3","0.2.5","0.2.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/theanswre/MAL-2026-627.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}