pyxdg

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting pyxdgpage 1 of 1

CVE-2014-1624NONECVSS 0.0✓ Fixed in 0.26
2014-01-28
vulnerable: 0.25
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing …
CVE-2019-12761HIGHCVSS 7.5EG 7.5✓ Fixed in 0.26
2019-06-06
vulnerable: 0.19 ... 0.25 (7 versions)
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containi…

Check whether pyxdg is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for pyxdg CVEs against the assets you own.

Start Free Scan →