VYPR

PyPI package

openviking

pkg:pypi/openviking

Vulnerabilities (3)

  • CVE-2026-40525CriApr 17, 2026
    affected < 0.3.9fixed 0.3.9

    OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed serv

  • CVE-2026-22680MedApr 7, 2026
    affected < 0.3.3fixed 0.3.3

    OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/{ta

  • CVE-2026-28518HigMar 3, 2026
    affected <= 0.2.1

    OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, abs