PkgRadar

PyPI · pypi.org

tendenci

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 16.15

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · tendenci-16.15/tendenci/apps/base/management/commands/auto_update.py
mediumRemote Payloadmatched "curl " · tendenci-16.15/tendenci/libs/uploader/get_fine_uploader.sh
mediumCredential file accessmatched "AWS_ACCESS_KEY" · tendenci-16.15/tendenci/settings.py

Scanned versions

VersionVerdictScoreScanned (UTC)
16.15Review142026-06-11
16.14Review142026-05-29
16.13Review362026-05-28
16.12Review362026-05-28

Block this in CI

PkgRadar gates tendenci (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi tendenci==16.15
Start free — 25 scans / moView full evidence