VYPR

Guarddog

by Datadog

pypi: guarddog

CVEs (4)

  • CVE-2026-22871 | Jan 13, 2026
    risk 0.00 | cvss | epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to…

  • CVE-2026-22870 | Jan 13, 2026
    risk 0.00 | cvss | epss 0.00

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious…

  • CVE-2022-23531 | Dec 16, 2022
    risk 0.00 | cvss | epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary…

  • CVE-2022-23530 | Dec 16, 2022
    risk 0.00 | cvss | epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without…