QwikSec

Security Database

CVE

CWE

Training

CVE-2026-22870

Published: Jan 13, 2026

Modified: Jan 13, 2026

PUBLISHED

Description

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1.

Vendor	Product	Versions
DataDog	guarddog	affected `< 2.7.1`

Weaknesses (CWE)

References

https://github.com/DataDog/guarddog/security/advisories/GHSA-ffj4-jq7m-9g6v

x_refsource_CONFIRM

https://github.com/DataDog/guarddog/commit/c3fb07b4838945f42497e78b7a02bcfb1e63969b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.