PyPI · pypi.org
esypro
Py Import Time Pickle Loads: pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled.
Why PkgRadar flagged 39.2026.6.9.10.51
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · esypro-39.2026.6.9.10.51/esypro/__init__.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
39.2026.6.9.10.51 | Review | 12 | 2026-06-09 |
39.2026.6.9.10.28 | Review | 12 | 2026-06-09 |
39.2026.6.9.10.8 | Review | 12 | 2026-06-09 |
39.2026.6.9.9.49 | Review | 12 | 2026-06-09 |
39.2026.6.9.9.40 | Review | 12 | 2026-06-09 |
Block this in CI
pkgradar gate --ecosystem pypi esypro==39.2026.6.9.10.51