MEDIUM 5.0 PyPI
GHSA-m5p4-gvpx-4mvr · CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
Modified: 6/9/2026
package
PyPI / guarddog
pkg:pypi/guarddog
MEDIUM 5.8 PyPI
GHSA-rp2v-v467-q9vq · CVE-2022-23531, PYSEC-2022-42994 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Modified: 2/22/2026
HIGH PyPI
GHSA-xg9w-vg3g-6m68 · CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE
Modified: 2/3/2026
HIGH 8.2 PyPI
GHSA-587r-mc96-6f2p · CVE-2026-44971 GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
Modified: 6/9/2026
MEDIUM 5.8 PyPI
GHSA-78m5-jpmf-ch7v · CVE-2022-23530, PYSEC-2022-42993 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Modified: 11/20/2024
HIGH PyPI
GHSA-ffj4-jq7m-9g6v · CVE-2026-22870 GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS
Modified: 2/3/2026
— PyPI
PYSEC-2022-42993 · CVE-2022-23530, GHSA-78m5-jpmf-ch7v Modified: 11/8/2023
— PyPI
PYSEC-2022-42994 · CVE-2022-23531, GHSA-rp2v-v467-q9vq Modified: 2/22/2026