PyPI · pypi.org
girder-large-image
Py Runtime Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 1.34.2.dev20
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Runtime Subprocess | subprocess call — process spawning. · girder_large_image-1.34.2.dev20/test_girder/conftest.py |
| medium | Py Runtime Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · girder_large_image-1.34.2.dev20/girder_large_image/models/image_item.py |
| medium | Py Runtime Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · girder_large_image-1.34.2.dev20/test_girder/test_tiles_rest.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.34.3.dev4 | Low risk | 0 | 2026-06-04 |
1.34.3.dev2 | Low risk | 0 | 2026-06-04 |
1.34.2 | Low risk | 0 | 2026-06-02 |
1.34.3a171 | Low risk | 0 | 2026-06-02 |
1.34.2.dev28 | Low risk | 0 | 2026-06-01 |
1.34.2.dev26 | Low risk | 0 | 2026-06-01 |
1.34.2.dev24 | Low risk | 0 | 2026-05-28 |
1.34.2.dev22 | Low risk | 0 | 2026-05-28 |
1.34.2.dev20 | Review | 16 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem pypi girder-large-image==1.34.2.dev20