ciguard
PyPI
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ciguard
- CVE-2026-44218 | LOW | CVSS 3.0 | EG 3.0 | ✓ Fixed in 0.8.2 | 2026-05-12
vulnerable: 0.1.0 ... 0.8.1 (15 versions)
ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed …
- CVE-2026-44219 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 0.8.2 | 2026-05-12
vulnerable: 0.6.0, 0.6.1, 0.7.0, 0.8.1
ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without…
- CVE-2026-44220 | LOW | CVSS 3.2 | EG 3.2 | ✓ Fixed in 0.8.2 | 2026-05-12
vulnerable: 0.8.1
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolv…