PkgRadar

PyPI · pypi.org

guanlan

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.6.19

| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · guanlan-0.6.19/guanlan/web/_legacy_web_impl.py |

Scanned versions

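| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.6.19 | High risk | 30 | 2026-06-17 |
| 0.6.18 | High risk | 30 | 2026-06-15 |
| 0.6.17 | High risk | 30 | 2026-06-09 |
| 0.6.16 | High risk | 30 | 2026-06-02 |
| 0.6.15 | High risk | 30 | 2026-06-01 |
| 0.6.14 | High risk | 30 | 2026-05-31 |
| 0.6.13 | High risk | 30 | 2026-05-30 |
| 0.6.12 | High risk | 30 | 2026-05-30 |
| 0.6.11 | High risk | 30 | 2026-05-30 |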

Block this in CI

PkgRadar gates guanlan (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi guanlan==0.6.19