PkgRadar

PyPI · pypi.org

assemblyline-ui

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 4.7.5.dev8

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · assemblyline_ui/helper/submission.py

Scanned versions

VersionVerdictScoreScanned (UTC)
4.7.5.dev8Review92026-06-16
4.7.5.dev7Review92026-06-16
4.7.5.dev6Review92026-06-10
4.7.5.dev5Review92026-06-10
4.7.4.3Review242026-05-26
4.7.5.dev3Review242026-05-26
4.7.4.2Review242026-05-26
4.7.4.1Review242026-05-26
4.7.5.dev2Review242026-05-26

Block this in CI

PkgRadar gates assemblyline-ui (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi assemblyline-ui==4.7.5.dev8
Start free — 25 scans / moView full evidence