PyPI · pypi.org
coverage
Py Runtime Eval Exec: Python eval()/exec() called on a string.
Why PkgRadar flagged 7.14.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Runtime Eval Exec | Python eval()/exec() called on a string. · coverage/templite.py |
| medium | Py Runtime Eval Exec | Python eval()/exec() called on a string. · coverage/execfile.py |
| medium | Py Runtime Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · coverage/execfile.py |
| medium | Remote Payload | matched "raw.githubusercontent.com" · coverage/xmlreport.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
7.14.1 | Review | 18 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem pypi coverage==7.14.1