| CVE-2026-44971 | high | 8.2 | 8.2 | | | | 3d ago | GuardDog has a blind GitHub URL rewrite in remote project scanning that causes SSRF and `GH_TOKEN` exfiltration |
| CVE-2026-44972 | medium | 5.0 | 5.0 | | | | 3d ago | GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read… |
| CVE-2026-22871 | unknown | — | — | | | | 5mo ago | GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE |
| CVE-2026-22870 | unknown | — | — | | | | 5mo ago | GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS |
| CVE-2022-23530 | unknown | — | — | | | | 4y ago | GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files usi… |
| CVE-2022-23531 | unknown | — | — | | | | 4y ago | GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog ag… |