PkgRadar

PyPI · pypi.org

wsstunnel

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.18.14

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · wsstunnel-0.18.14/wsstunnel/client.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.18.14High risk302026-06-05
0.18.13High risk302026-06-05
0.18.12High risk302026-06-05
0.18.11High risk302026-06-05
0.18.10High risk302026-06-05
0.18.9High risk302026-06-05
0.18.8High risk302026-06-05
0.18.7High risk302026-06-05
0.18.6High risk302026-06-05
0.18.5High risk302026-06-05
0.18.4High risk302026-06-05
0.18.3High risk302026-06-05
0.18.2High risk302026-06-05
0.18.1High risk302026-06-05
0.18.0High risk302026-06-05
0.17.2Low risk02026-06-04
0.17.1Low risk02026-06-03
0.17.0Low risk02026-06-03
0.16.1Low risk02026-06-03
0.16.0Low risk02026-06-03
0.15.0Low risk02026-06-03
0.14.0Low risk02026-06-03
0.13.0Low risk02026-06-03
0.12.3Low risk02026-06-02
0.12.2Low risk02026-06-02
0.12.1Low risk02026-06-02
0.12.0Low risk02026-06-02
0.11.0Low risk02026-06-02
0.10.0Low risk02026-06-02
0.9.2Low risk02026-06-02
0.9.1Low risk02026-06-02
0.9.0Low risk02026-06-02
0.8.0Low risk02026-06-02
0.7.3Low risk02026-06-01
0.7.2Low risk02026-06-01
0.7.1Low risk02026-06-01
0.7.0Low risk02026-06-01
0.6.2Low risk02026-06-01
0.6.1Low risk02026-06-01
0.6.0Low risk02026-06-01
0.5.0Low risk02026-06-01
0.4.0Low risk02026-06-01
0.3.2Low risk02026-06-01
0.3.1Low risk02026-06-01
0.3.0Low risk02026-06-01

Block this in CI

PkgRadar gates wsstunnel (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi wsstunnel==0.18.14
Start free — 25 scans / moView full evidence