PyPI · pypi.org

filedna

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.2.6

Severity	Signal	Evidence
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · filedna-1.2.6/testenv/Lib/site-packages/PIL/ImageGrab.py
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · filedna-1.2.6/testenv/Lib/site-packages/pip/_vendor/pkg_resources/__init__.py
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · filedna-1.2.6/testenv/Lib/site-packages/pkg_resources/__init__.py
medium	Py Import Time Ctypes Load	ctypes.CDLL/cdll.LoadLibrary — loads native code into the process. · filedna-1.2.6/testenv/Lib/site-packages/pypdfium2_raw/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.2.6`	High risk	127	2026-06-11
`1.2.4`	Low risk	0	2026-06-11

Block this in CI

PkgRadar gates filedna (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi filedna==1.2.6