PkgRadar

PyPI · pypi.org

xrpd-toolbox

Py Runtime Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 0.1.2.2

SeveritySignalEvidence
mediumPy Runtime Eval ExecPython eval()/exec() called on a string. · xrpd_toolbox-0.1.2.2/src/xrpd_toolbox/core.py
mediumPy Runtime Pickle Loadspickle/marshal.loads — deserializes arbitrary objects, RCE if attacker-controlled. · xrpd_toolbox-0.1.2.2/src/xrpd_toolbox/i11/angular_calibration.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.2.2Review362026-05-26

Block this in CI

PkgRadar gates xrpd-toolbox (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi xrpd-toolbox==0.1.2.2
Start free — 25 scans / moView full evidence