PyPI · pypi.org
parsimonius
Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.
Early detection
PkgRadar flagged this 8h before public disclosure
Detected 2026-06-01 · disclosed as MAL-2026-5151 on 2026-06-02
Why PkgRadar flagged 0.12.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('os') — reflection bypass for static checks. · parsimonius-0.12.0/parsimonius/nodes.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.12.0 | High risk | 30 | 2026-06-01 |
0.10.0 | High risk | 30 | 2026-06-01 |
0.11.6 | High risk | 30 | 2026-06-01 |
0.11.5 | High risk | 30 | 2026-06-01 |
0.11.4 | High risk | 30 | 2026-06-01 |
0.11.3 | High risk | 30 | 2026-06-01 |
0.11.2 | Low risk | 0 | 2026-06-01 |
0.11.1 | Low risk | 0 | 2026-06-01 |
0.11.0 | Low risk | 0 | 2026-06-01 |
Block this in CI
pkgradar gate --ecosystem pypi parsimonius==0.12.0