<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-31T20:27:28.705610+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/05887056-9d17-4823-8425-a255f8d05a83/export</id>
    <title>05887056-9d17-4823-8425-a255f8d05a83</title>
    <updated>2026-05-31T20:27:29.150768+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "05887056-9d17-4823-8425-a255f8d05a83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2353", "type": "seen", "source": "https://t.me/cibsecurity/45850", "content": "\u203c CVE-2022-2353 \u203c\n\nPrior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-09T12:17:10.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/05887056-9d17-4823-8425-a255f8d05a83/export"/>
    <published>2022-07-09T12:17:10+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/a76c940d-e279-449a-b23b-49279c44785a/export</id>
    <title>a76c940d-e279-449a-b23b-49279c44785a</title>
    <updated>2026-05-31T20:27:29.150678+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "a76c940d-e279-449a-b23b-49279c44785a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23531", "type": "seen", "source": "https://t.me/cibsecurity/54794", "content": "\u203c CVE-2022-23531 \u203c\n\nGuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-17T02:24:34.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/a76c940d-e279-449a-b23b-49279c44785a/export"/>
    <published>2022-12-17T02:24:34+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/6b29efdd-9d43-4aaf-aaee-be1cf61714a5/export</id>
    <title>6b29efdd-9d43-4aaf-aaee-be1cf61714a5</title>
    <updated>2026-05-31T20:27:29.150589+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "6b29efdd-9d43-4aaf-aaee-be1cf61714a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23530", "type": "seen", "source": "https://t.me/cibsecurity/54795", "content": "\u203c CVE-2022-23530 \u203c\n\nGuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-17T02:24:35.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/6b29efdd-9d43-4aaf-aaee-be1cf61714a5/export"/>
    <published>2022-12-17T02:24:35+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/054df0c1-48a7-43ef-93f5-4f51473112d7/export</id>
    <title>054df0c1-48a7-43ef-93f5-4f51473112d7</title>
    <updated>2026-05-31T20:27:29.150494+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "054df0c1-48a7-43ef-93f5-4f51473112d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23536", "type": "seen", "source": "https://t.me/cibsecurity/54928", "content": "\u203c CVE-2022-23536 \u203c\n\nCortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T00:10:40.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/054df0c1-48a7-43ef-93f5-4f51473112d7/export"/>
    <published>2022-12-20T00:10:40+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/b297bfb3-5738-4d00-bddd-f1b33d8fa9f8/export</id>
    <title>b297bfb3-5738-4d00-bddd-f1b33d8fa9f8</title>
    <updated>2026-05-31T20:27:29.150396+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "b297bfb3-5738-4d00-bddd-f1b33d8fa9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23537", "type": "seen", "source": "https://t.me/cibsecurity/54992", "content": "\u203c CVE-2022-23537 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:34.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/b297bfb3-5738-4d00-bddd-f1b33d8fa9f8/export"/>
    <published>2022-12-20T22:12:34+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/3da3cf89-6fd7-4c51-b8f7-a70108a07c36/export</id>
    <title>3da3cf89-6fd7-4c51-b8f7-a70108a07c36</title>
    <updated>2026-05-31T20:27:29.150288+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "3da3cf89-6fd7-4c51-b8f7-a70108a07c36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23539", "type": "seen", "source": "https://t.me/cibsecurity/55224", "content": "\u203c CVE-2022-23539 \u203c\n\nVersions `&lt;=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T02:14:08.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/3da3cf89-6fd7-4c51-b8f7-a70108a07c36/export"/>
    <published>2022-12-23T02:14:08+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/63d04037-c9ac-4d0d-95c7-4390e5dd377e/export</id>
    <title>63d04037-c9ac-4d0d-95c7-4390e5dd377e</title>
    <updated>2026-05-31T20:27:29.150171+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "63d04037-c9ac-4d0d-95c7-4390e5dd377e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23537", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23537\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).\n\ud83d\udccf Published: 2022-12-20T18:50:45.398Z\n\ud83d\udccf Modified: 2025-04-16T14:52:55.716Z\n\ud83d\udd17 References:\n1. https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w\n2. https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1\n3. https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "creation_timestamp": "2025-04-16T14:56:23.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/63d04037-c9ac-4d0d-95c7-4390e5dd377e/export"/>
    <published>2025-04-16T14:56:23+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/ecdaf5e2-cf04-4427-ab85-285a52a2c4b1/export</id>
    <title>ecdaf5e2-cf04-4427-ab85-285a52a2c4b1</title>
    <updated>2026-05-31T20:27:29.150014+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "ecdaf5e2-cf04-4427-ab85-285a52a2c4b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23530", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12244", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23530\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten.  This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths.\n\ud83d\udccf Published: 2022-12-16T22:56:33.204Z\n\ud83d\udccf Modified: 2025-04-17T14:34:26.895Z\n\ud83d\udd17 References:\n1. https://github.com/DataDog/guarddog/security/advisories/GHSA-78m5-jpmf-ch7v\n2. https://github.com/DataDog/guarddog/commit/37c7d0767ba28f4df46117d478f97652594c491c\n3. https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158", "creation_timestamp": "2025-04-17T14:58:27.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/ecdaf5e2-cf04-4427-ab85-285a52a2c4b1/export"/>
    <published>2025-04-17T14:58:27+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/08a18917-f117-40a8-b09e-2e8b93244084/export</id>
    <title>08a18917-f117-40a8-b09e-2e8b93244084</title>
    <updated>2026-05-31T20:27:29.148605+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "08a18917-f117-40a8-b09e-2e8b93244084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23531", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12246", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23531\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5.\n\ud83d\udccf Published: 2022-12-16T23:41:15.078Z\n\ud83d\udccf Modified: 2025-04-17T14:33:54.287Z\n\ud83d\udd17 References:\n1. https://github.com/DataDog/guarddog/security/advisories/GHSA-rp2v-v467-q9vq\n2. https://github.com/DataDog/guarddog/pull/89/commits/a56aff58264cb6b7855d71b00dc10c39a5dbd306\n3. https://github.com/DataDog/guarddog/releases/tag/v0.1.5", "creation_timestamp": "2025-04-17T14:58:33.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/08a18917-f117-40a8-b09e-2e8b93244084/export"/>
    <published>2025-04-17T14:58:33+00:00</published>
  </entry>
</feed>
