PkgRadar

PyPI · pypi.org

obfuscation

Py Install Time Eval Exec: Python eval()/exec() called on a string.

Early detection

PkgRadar flagged this 7h before public disclosure

Detected 2026-05-31 · disclosed as MAL-2026-5100 on 2026-05-31

Why PkgRadar flagged 3.23.3

SeveritySignalEvidence
mediumPy Install Time Eval ExecPython eval()/exec() called on a string. · obfuscation-3.23.3/setup.py

Scanned versions

VersionVerdictScoreScanned (UTC)
3.23.3Review452026-05-31
3.23.2Review452026-05-31
3.23.0Review452026-05-31

Block this in CI

PkgRadar gates obfuscation (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi obfuscation==3.23.3
Start free — 25 scans / moView full evidence