PkgRadar

PyPI · pypi.org

flux-core

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.50.2

Severity | Signal | Evidence
high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · flux_core-0.50.2/flux/worker.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.50.2 | High risk | 17 | 2026-06-15
0.50.1 | High risk | 17 | 2026-06-13
0.50.0 | High risk | 17 | 2026-06-12
0.49.0 | High risk | 17 | 2026-06-12
0.48.0 | High risk | 17 | 2026-06-12
0.47.0 | High risk | 17 | 2026-06-12
0.46.0 | High risk | 17 | 2026-06-12
0.45.0 | High risk | 17 | 2026-06-12
0.44.0 | High risk | 17 | 2026-06-12
0.43.0 | High risk | 17 | 2026-06-12
0.42.0 | High risk | 17 | 2026-06-11
0.41.0 | High risk | 17 | 2026-06-11
0.40.0 | High risk | 17 | 2026-06-11
0.39.0 | High risk | 17 | 2026-06-11
0.38.0 | High risk | 17 | 2026-06-11
0.37.0 | High risk | 17 | 2026-06-10
0.36.1 | High risk | 17 | 2026-06-03

Block this in CI

PkgRadar gates flux-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi flux-core==0.50.2