pkg:PyPI/guarddog

All known vulnerabilities

• HIGH8.2CVE-2026-44971GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
  >= 1.0.0, <= 2.9.0
• MEDIUM5.8CVE-2022-23530GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
  from 0, < 0.1.8
• MEDIUM5.8CVE-2022-23530GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
  from 0, < 37c7d0767ba28f4df46117d478f97652594c491c | from 0, < 0.1.8
• MEDIUM5.8CVE-2022-23531GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
  from 0, < 0.1.5
• MEDIUM5.8CVE-2022-23531GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
  from 0, < a56aff58264cb6b7855d71b00dc10c39a5dbd306 | from 0, < 0.1.5
• MEDIUM5.0CVE-2026-44972GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
  >= 2.6.0, <= 2.9.0
• —CVE-2026-22871GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
  from 0, < 2.7.1
• —CVE-2026-22870GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS
  from 0, < 2.7.1