PyPI · pypi.org

conexus

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 5.10.6

Severity	Signal	Evidence
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · conexus-5.10.6/src/nexus/daemon/t2_daemon.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`5.10.6`	High risk	30	2026-06-07
`5.10.5`	High risk	30	2026-06-06
`5.10.4`	High risk	30	2026-06-06
`5.10.3`	High risk	30	2026-06-05
`5.10.2`	High risk	30	2026-06-05
`5.10.1`	High risk	30	2026-06-05
`5.10.0`	High risk	30	2026-06-05
`5.9.3`	High risk	30	2026-06-04
`5.9.2`	High risk	30	2026-06-03
`5.9.1`	High risk	30	2026-06-03
`5.9.0`	High risk	30	2026-06-02
`5.8.0`	High risk	30	2026-06-02
`5.7.0`	High risk	30	2026-06-02
`5.6.2`	High risk	30	2026-06-01
`5.6.1`	High risk	30	2026-06-01
`5.6.0`	High risk	30	2026-06-01
`5.5.1`	High risk	30	2026-05-31
`5.5.0`	High risk	30	2026-05-31
`5.4.5`	High risk	30	2026-05-30
`5.4.4`	High risk	30	2026-05-30
`5.4.3`	High risk	30	2026-05-30
`5.4.2`	High risk	30	2026-05-30
`5.4.1`	High risk	30	2026-05-30
`5.4.0`	High risk	30	2026-05-30
`5.3.1`	High risk	30	2026-05-30
`5.3.0`	High risk	30	2026-05-30
`5.2.0`	High risk	30	2026-05-30
`5.1.5`	High risk	30	2026-05-30
`5.1.2`	Low risk	0	2026-05-30
`5.1.4`	Low risk	0	2026-05-27
`5.1.3`	Low risk	0	2026-05-26

Block this in CI

PkgRadar gates conexus (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi conexus==5.10.6