Description
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog. This vulnerability is fixed in .
Published: 2026-05-27
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GuardDog, a CLI tool that scans remote projects, rewrites attacker‑controlled repository URLs with a blind string replacement and then sends the caller’s GitHub credentials in the resulting request. This flaw (CWE‑918) permits an attacker who can influence the URL argument to trigger Server‑Side Request Forgery, causing GuardDog to reach internal or third‑party endpoints, and to capture the GH_TOKEN that GuardDog transmits. The exposed token can be used to impersonate the user on GitHub, granting unauthorized access to repositories and potentially leading to further compromise.

Affected Systems

DataDog’S GuardDog CLI, versions 1.0.0 through 2.9.0, is affected. The fix has not been released yet.

Risk and Exploitability

The CVSS score is 8.2, indicating high severity. The EPSS score is not available, so the current exploitation probability is unknown. GuardDog is not listed in the CISA KEV catalog. Exploitation requires the attacker to control the repository URL parameter used in a GuardDog scan, which may be achievable in automated CI/CD pipelines or when the tool is invoked by users who supply arbitrary URLs. Once the SSRF is triggered, the attacker can obtain the GH_TOKEN and potentially access protected resources.

Generated by OpenCVE AI on May 27, 2026 at 21:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update GuardDog to the fixed version once released.
  • Avoid supplying untrusted URLs to GuardDog until a patch is available.
  • Restrict execution of GuardDog to trusted users and limit network access from the environment where it runs.

Generated by OpenCVE AI on May 27, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-587r-mc96-6f2p GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
History

Sat, 30 May 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Datadoghq
Datadoghq guarddog
Vendors & Products Datadoghq
Datadoghq guarddog

Wed, 27 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog. This vulnerability is fixed in .
Title GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

Subscriptions

Datadoghq Guarddog
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T16:09:24.880Z

Reserved: 2026-05-08T16:23:33.263Z

Link: CVE-2026-44971

cve-icon Vulnrichment

Updated: 2026-05-27T16:08:46.435Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T15:16:29.547

Modified: 2026-06-01T18:23:33.000

Link: CVE-2026-44971

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:00:12Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)