Datadog Guarddog vulnerabilities
6 known vulnerabilities affecting datadog/guarddog.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2
Vulnerabilities
CVE-2026-22871 | P2 | CRITICAL | CVSS 9.8 | fixed in 2.7.1 | 2026-01-13
CWE-22
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running Guar
Sources: GHSA, NVD, OSV
CVE-2026-44971 | P3 | HIGH | CVSS 8.2 | affected versions >= 1.0.0, <= 2.9.0 | 2026-05-27
CWE-918
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to t
Sources: NVD
CVE-2022-23531 | P3 | HIGH | CVSS 7.8 | fixed in 0.1.5 | 2022-12-17
CWE-23
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulner
Sources: GHSA, NVD, OSV
CVE-2026-22870 | P3 | HIGH | CVSS 7.5 | fixed in 2.7.1 | 2026-01-13
CWE-409
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed
Sources: GHSA, NVD, OSV
CVE-2022-23530 | P3 | MEDIUM | CVSS 6.5 | fixed in 0.1.8 | 2022-12-16
CWE-22
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination direc
Sources: GHSA, NVD, OSV
CVE-2026-44972 | P4 | MEDIUM | CVSS 5.0 | affected versions >= 2.6.0, <= 2.9.0 | 2026-05-27
CWE-116
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals o
Sources: NVD