VDB
KO

MAL-2026-5367

Malicious code in odoo-addon-spp-base (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (c6e43f21a6bdcbb6cfa1837833232c9888fb8012bd2ebae8607a6d08eaee9f06) No suspicious behaviors were observed in this package. There are no install-time or import-time network calls, no credential or filesystem access patterns, no obfuscated payloads, and no lifecycle scripts performing privileged operations. The package appears to be a standard Odoo addon module.

## Source: ossf-package-analysis (da9c7bdf0b4ac969bfa720be2b3f87caa4c82a6d3ac7eeda5e74946aa3c1a1de) The OpenSSF Package Analysis project identified 'odoo-addon-spp-base' @ 99.0.0 (pypi) as malicious.

It is considered malicious because:

- The package communicates with a domain associated with malicious activity.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / odoo-addon-spp-base

No fixed version published yet for odoo-addon-spp-base (pip). Pin to a known-safe version or switch to an alternative.

References