PyPI · pypi.org
gallery-dl
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 1.32.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · gallery_dl-1.32.2/gallery_dl/util.py |
| medium | Py Import Time Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · gallery_dl-1.32.2/gallery_dl/__init__.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.32.2 | Review | 16 | 2026-06-06 |
Block this in CI
pkgradar gate --ecosystem pypi gallery-dl==1.32.2