PyPI · pypi.org
lollms-client
Py Import Time Subprocess: subprocess call with shell=True — passes argv to /bin/sh.
Why PkgRadar flagged 1.14.22
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call with shell=True — passes argv to /bin/sh. · lollms_client-1.14.22/src/lollms_client/llm_bindings/ollama/__init__.py |
| high | Py Import Time Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · lollms_client-1.14.22/src/lollms_client/tti_bindings/diffusers/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/llm_bindings/llama_cpp_server/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/llm_bindings/ollama/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/stt_bindings/whispercpp/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tti_bindings/diffusers/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tti_bindings/gguf_diffusion/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tts_bindings/FishSpeech/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tts_bindings/bark/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tts_bindings/piper_tts/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tts_bindings/vibevoice/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · lollms_client-1.14.22/src/lollms_client/tts_bindings/vllm_omni/__init__.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.14.22 | High risk | 144 | 2026-06-12 |
1.14.21 | High risk | 144 | 2026-06-11 |
1.14.20 | High risk | 144 | 2026-06-10 |
1.14.19 | High risk | 144 | 2026-06-10 |
1.14.18 | High risk | 144 | 2026-06-10 |
1.14.16 | High risk | 144 | 2026-06-10 |
1.14.17 | High risk | 144 | 2026-06-10 |
1.14.15 | High risk | 144 | 2026-06-08 |
1.14.14 | High risk | 144 | 2026-06-08 |
1.14.13 | High risk | 144 | 2026-06-08 |
1.14.12 | High risk | 144 | 2026-06-05 |
1.14.11 | High risk | 144 | 2026-06-04 |
1.14.10 | High risk | 144 | 2026-06-02 |
1.14.9 | High risk | 144 | 2026-06-01 |
1.14.8 | High risk | 144 | 2026-05-31 |
1.14.7 | High risk | 144 | 2026-05-31 |
1.14.6 | High risk | 144 | 2026-05-31 |
1.14.5 | High risk | 144 | 2026-05-30 |
1.14.4 | High risk | 144 | 2026-05-30 |
1.14.2 | High risk | 144 | 2026-05-30 |
1.14.1 | High risk | 144 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi lollms-client==1.14.22