CVE-2026-44972
5.0 MEDIUMGuardDog is a CLI tool to identify malicious PyPI packages
Published: 2026-05-27 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 5.0 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE
- CWE-116
Description
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-45011 — ApostropheCMS is an open-source Node.js content management system (7.3 HIGH)
- CVE-2026-54133 — jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
- CVE-2026-48485 — Quest Bot is an opensource Discord Bot
- CVE-2026-47188 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
- CVE-2026-47175 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support