PyPI · pypi.org

dawgie

Py Import Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.

Why PkgRadar flagged 2.1.1rc1

Severity	Signal	Evidence
high	Py Import Time Os System	Direct shell invocation via os.system / os.popen / os.exec*. · dawgie/db/shelve/__init__.py
medium	Py Import Time Subprocess	subprocess call — process spawning. · dawgie/db/util/__init__.py
medium	Py Import Time Pickle Loads	pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · dawgie/db/util/__init__.py
medium	Py Import Time Pickle Loads	pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · dawgie/pl/logger/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.1.1rc1`	High risk	65	2026-06-09

Block this in CI

PkgRadar gates dawgie (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi dawgie==2.1.1rc1