openviking

PyPI3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting openvikingpage 1 of 1

CVE-2026-22680MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.3.3
2026-04-07
vulnerable: 0.1.10 ... 0.3.2 (30 versions)
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can acces…
CVE-2026-28518HIGHCVSS 7.8EG 7.8
2026-03-03
vulnerable: 0.1.1 ... 0.2.1.dev28 (21 versions)
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious …
CVE-2026-40525CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.3.9
2026-04-17
vulnerable: 0.1.10 ... 0.3.8 (37 versions)
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attacke…

Check whether openviking is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for openviking CVEs against the assets you own.

Start Free Scan →