PyPI · pypi.org
hikyuu
Py Import Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.
Why PkgRadar flagged 2.8.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Import Time Os System | Direct shell invocation via os.system / os.popen / os.exec*. · hikyuu/__init__.py |
| medium | Py Import Time Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · hikyuu/__init__.py |
| medium | Large Native Blob | 6541200 bytes · hikyuu/cpp/core310.so |
| medium | Large Native Blob | 6541264 bytes · hikyuu/cpp/core311.so |
| medium | Large Native Blob | 6623472 bytes · hikyuu/cpp/core312.so |
| medium | Large Native Blob | 6623664 bytes · hikyuu/cpp/core313.so |
| medium | Large Native Blob | 6672944 bytes · hikyuu/cpp/core314.so |
| medium | Large Native Blob | 36617984 bytes · hikyuu/cpp/libhikyuu.dylib |
| medium | Large Native Blob | 7579312 bytes · hikyuu/cpp/libmysqlclient.21.dylib |
| medium | Large Native Blob | 7579344 bytes · hikyuu/cpp/libmysqlclient.dylib |
| medium | Large Native Blob | 7779704 bytes · hikyuu/plugin/libclickhousedriver.dylib |
| medium | Large Native Blob | 7235008 bytes · hikyuu/plugin/libdataserver.dylib |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.8.0 | High risk | 121 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem pypi hikyuu==2.8.0