PyPI · pypi.org
tythanai-community
DNS / OAST exfiltration: matched "burpcollaborator.net"
Why PkgRadar flagged 1.0.1
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · tythanai_community-1.0.1/backend/verification/exploit_engine.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · tythanai_community-1.0.1/integrations/github_app.py |
| medium | Credential file access | matched ".ssh/" · tythanai_community-1.0.1/backend/core/knowledge/built_in_data.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.3 | Review | 5 | 2026-06-03 |
1.0.2 | Review | 5 | 2026-06-03 |
1.0.1 | High risk | 120 | 2026-06-03 |
1.0.0 | High risk | 120 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem pypi tythanai-community==1.0.1