VYPR

Ciguard

by Jo Jo98

CVEs (3)

  • CVE-2026-44219 · Low · May 12, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without a maximum-bytes cap. A hostile or…

  • CVE-2026-44220 · Low · May 12, 2026
    risk 0.14 · cvss 3.2 · epss 0.00

    ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a…

  • CVE-2026-44218 · Low · May 12, 2026
    risk 0.13 · cvss 3.0 · epss 0.00

    ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2.