RubyGems · rubygems.org

dependabot-common

Rb Runtime Base64 Decode: Base64.decode64 combined with eval/system — classic obfuscated payload.

Why PkgRadar flagged 0.379.0

Severity	Signal	Evidence
high	Rb Runtime Base64 Decode	Base64.decode64 combined with eval/system — classic obfuscated payload. · lib/dependabot/dependency_file.rb
high	Rb Runtime Base64 Decode	Base64.decode64 combined with eval/system — classic obfuscated payload. · lib/dependabot/file_fetchers/base.rb

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.381.0`	Low risk	0	2026-06-09
`0.380.0`	Low risk	0	2026-06-01
`0.379.0`	Review	15	2026-05-28

Block this in CI

PkgRadar gates dependabot-common (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem rubygems [email protected]