PkgRadar

PyPI · pypi.org

qontract-reconcile

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.10.2.dev700

Severity | Signal | Evidence
high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · qontract_reconcile-0.10.2.dev700/reconcile/openshift_cluster_bots.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.10.2.dev700 | High risk | 42 | 2026-06-12
0.10.2.dev699 | High risk | 42 | 2026-06-12
0.10.2.dev698 | High risk | 42 | 2026-06-12
0.10.2.dev697 | High risk | 42 | 2026-06-12
0.10.2.dev696 | High risk | 42 | 2026-06-11
0.10.2.dev695 | High risk | 42 | 2026-06-11
0.10.2.dev694 | High risk | 42 | 2026-06-11
0.10.2.dev693 | High risk | 42 | 2026-06-11
0.10.2.dev692 | High risk | 42 | 2026-06-11
0.10.2.dev691 | High risk | 42 | 2026-06-10
0.10.2.dev690 | High risk | 42 | 2026-06-10
0.10.2.dev689 | High risk | 42 | 2026-06-10
0.10.2.dev688 | High risk | 42 | 2026-06-09
0.10.2.dev687 | High risk | 42 | 2026-06-09
0.10.2.dev686 | High risk | 42 | 2026-06-09
0.10.2.dev685 | High risk | 42 | 2026-06-09
0.10.2.dev684 | High risk | 42 | 2026-06-09
0.10.2.dev683 | High risk | 42 | 2026-06-09
0.10.2.dev682 | High risk | 42 | 2026-06-09
0.10.2.dev681 | High risk | 42 | 2026-06-08
0.10.2.dev680 | High risk | 42 | 2026-06-04
0.10.2.dev679 | High risk | 42 | 2026-06-04
0.10.2.dev678 | High risk | 42 | 2026-06-04
0.10.2.dev677 | High risk | 42 | 2026-06-04
0.10.2.dev676 | High risk | 42 | 2026-06-03
0.10.2.dev675 | High risk | 42 | 2026-06-03
0.10.2.dev674 | High risk | 42 | 2026-06-02
0.10.2.dev673 | High risk | 42 | 2026-06-01
0.10.2.dev672 | High risk | 42 | 2026-05-30
0.10.2.dev671 | High risk | 42 | 2026-05-30
0.10.2.dev670 | High risk | 42 | 2026-05-30
0.10.2.dev669 | High risk | 42 | 2026-05-30
0.10.2.dev668 | High risk | 42 | 2026-05-30
0.10.2.dev667 | High risk | 42 | 2026-05-30
0.10.2.dev666 | High risk | 42 | 2026-05-30
0.10.2.dev665 | High risk | 42 | 2026-05-30
0.10.2.dev664 | High risk | 42 | 2026-05-30

Block this in CI

PkgRadar gates qontract-reconcile (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi qontract-reconcile==0.10.2.dev700