Vendor: Datadog

Products: 6
CVEs: 11 (across products: 11)
Status: Private

Recent CVEs (11)

  • CVE-2026-39196 | Critical | Jun 15, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.

  • CVE-2026-11362 | Critical | Jun 5, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The format_event method (used by the event method) does not validate the…

  • CVE-2026-9270 | Critical | Jun 5, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_stats method does not remove newlines from metric names ($stat variable),…

  • CVE-2026-33728 | Critical | Mar 27, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    dd-trace-java is a Datadog APM client for Java. In dd-trace-java versions from 0.40.0 up to (but not including) 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker…

  • CVE-2025-61667 | High | Nov 12, 2025
    risk 0.46 | cvss n/a | epss 0.00

    The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-scripts/__pycache__` directory…

  • CVE-2026-39197 | Medium | Jun 15, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.

  • CVE-2024-38525 | High | Jun 28, 2024
    risk 0.42 | cvss 7.5 | epss 0.00

    dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it…

  • CVE-2026-22871 | Jan 13, 2026
    risk 0.00 | cvss n/a | epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to…

  • CVE-2026-22870 | Jan 13, 2026
    risk 0.00 | cvss n/a | epss 0.00

    GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious…

  • CVE-2022-23531 | Dec 16, 2022
    risk 0.00 | cvss n/a | epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary…

  • CVE-2022-23530 | Dec 16, 2022
    risk 0.00 | cvss n/a | epss 0.01

    GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without…