PkgRadar

PyPI · pypi.org

paddleocr

Py Import Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 3.7.0

SeveritySignalEvidence
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · paddleocr-3.7.0/ppocr/data/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · paddleocr-3.7.0/ppocr/data/imaug/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · paddleocr-3.7.0/ppocr/postprocess/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
3.7.0Review252026-06-11
3.6.0Review372026-05-28

Block this in CI

PkgRadar gates paddleocr (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi paddleocr==3.7.0
Start free — 25 scans / moView full evidence