PkgRadar

PyPI · pypi.org

pyxllib

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 4.53

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · pyxllib-4.53/src/pyxllib/prog/xlenv.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · pyxllib-4.53/src/pyxlpr/ppocr/tools/infer/utility.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/data/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/data/imaug/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/losses/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/metrics/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/modeling/backbones/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/modeling/heads/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/modeling/necks/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/modeling/transforms/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · pyxllib-4.53/src/pyxlpr/ppocr/postprocess/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
4.53Review302026-05-29

Block this in CI

PkgRadar gates pyxllib (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi pyxllib==4.53
Start free — 25 scans / moView full evidence