Server-side Request Forgery (SSRF)
Overview: GuardDog is a CLI tool to identify malicious PyPI packages. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the scanremote function used for remote project scanning. An attacker can access sensitive authentication credentials and interact...
Improper Encoding or Escaping of Output
Overview: GuardDog is a CLI tool to identify malicious PyPI packages. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the process that renders human-readable scan results, which includes attacker-controlled values such as filenames, file...
CVE-2026-22871
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...
GuardDog security vulnerability
GuardDog is a CLI tool from GuardDog Open Source that allows identifying malicious PyPI packages. A security vulnerability exists in GuardDog versions prior to 2.7.1, which stems from the safeextract function not validating the unzipped file size, which could lead to a denial-of-service attack vi...
PT-2022-16056 · Guarddog · Guarddog
Name of the Vulnerable Software and Affected Versions: GuardDog versions prior to v0.1.8. Description: GuardDog is a CLI tool to identify malicious PyPI packages. The issue arises when extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the...
PT-2022-16057 · Python +1 · Tarfile.Tarfile +1
Name of the Vulnerable Software and Affected Versions: GuardDog versions prior to 0.1.5. Description: The issue allows an attacker to write an arbitrary file on the machine where GuardDog is executed, due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanne...