PyPI · pypi.org
c2pa-python
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 0.32.9
| Severity | Signal | Evidence |
|---|---|---|
| medium | Credential file access | matched "GITHUB_TOKEN" · c2pa_python-0.32.9/scripts/download_artifacts.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.35.0 | Low risk | 0 | 2026-06-15 |
| 0.34.0 | Low risk | 0 | 2026-06-12 |
| 0.32.14 | Low risk | 0 | 2026-06-09 |
| 0.32.13 | Low risk | 0 | 2026-06-09 |
| 0.32.12 | Low risk | 0 | 2026-06-03 |
| 0.32.11 | Low risk | 0 | 2026-06-03 |
| 0.32.10 | Low risk | 0 | 2026-06-02 |
| 0.32.9 | Review | 5 | 2026-05-27 |
| 0.32.8 | Review | 5 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem pypi c2pa-python==0.32.9