PyPI · pypi.org
pycorpdiff
Py Runtime Pickle Loads: pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled.
Why PkgRadar flagged 0.1.0a13
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Runtime Pickle Loads | pickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · pycorpdiff-0.1.0a13/src/pycorpdiff/datasets/histwords.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.0a27 | Low risk | 0 | 2026-05-31 |
0.1.0a26 | Low risk | 0 | 2026-05-31 |
0.1.0a25 | Low risk | 0 | 2026-05-30 |
0.1.0a18 | Low risk | 0 | 2026-05-27 |
0.1.0a17 | Low risk | 0 | 2026-05-27 |
0.1.0a16 | Low risk | 0 | 2026-05-27 |
0.1.0a15 | Low risk | 0 | 2026-05-27 |
0.1.0a14 | Low risk | 0 | 2026-05-27 |
0.1.0a13 | Review | 15 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem pypi pycorpdiff==0.1.0a13