PkgRadar

PyPI · pypi.org

search-vulns

Remote Payload: matched "wget "

Why PkgRadar flagged 1.1.0

SeveritySignalEvidence
mediumRemote Payloadmatched "wget " · search_vulns-1.1.0/src/search_vulns/install.sh
mediumRemote Payloadmatched "wget " · search_vulns-1.1.0/src/search_vulns/modules/nvd/install.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
1.1.0Review162026-06-05

Block this in CI

PkgRadar gates search-vulns (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi search-vulns==1.1.0
Start free — 25 scans / moView full evidence