Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.5AI score0.00113EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:43 p.m.12 views

EUVD-2026-32535

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

8.2CVSS5.8AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:43 p.m.40 views

CVE-2026-44971 GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

8.2CVSS0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:43 p.m.9 views

CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

8.2CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:42 p.m.10 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.9AI score0.00113EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 2:42 p.m.18 views

CVE-2026-44972

GuardDog (CLI) versions 2.6.0–2.9.0 output attacker-controlled filenames, file locations, messages, and code snippets without escaping terminal control characters. This allows injection of ANSI/OSC escape sequences into analyst terminals or CI logs, enabling terminal manipulation or spoofed outpu...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 9:18 p.m.5 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.5CVSS6.6AI score0.00431EPSS
Exploits1References1
NVD
NVD
added 2026/01/13 9:15 p.m.9 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.5CVSS0.00431EPSS
Exploits1References2
OSV
OSV
added 2026/01/13 8:46 p.m.5 views

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

8.7CVSS7.4AI score0.00946EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0118

Malicious code in bioql PyPI...

7.8CVSS7.9AI score0.0059EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0117

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00704EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 10:0 p.m.8 views

CVE-2022-23531

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

7.8CVSS6.7AI score0.0059EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/17 12:0 a.m.7 views

GuardDog 路径遍历漏洞

GuardDog is an open source CLI tool from GuardDog that allows the identification of malicious PyPI packages. A security vulnerability exists in GuardDog versions prior to 0.1.5, which stems from vulnerability to relative path traversal attacks when scanning specially crafted native PyPI packages...

7.8CVSS7.7AI score0.0059EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/12/16 11:41 p.m.38 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

5.8CVSS7.7AI score0.0059EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/16 11:41 p.m.8 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

5.8CVSS7.5AI score0.0059EPSS
Exploits0References3
Rows per page
Query Builder