Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/nova@29.2.1
purl pkg:pypi/nova@29.2.1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-s69v-tc7x-37fe
Aliases:
CVE-2026-24708
GHSA-m4f3-qp2w-gwh6
OpenStack Nova calls qemu-img without format restrictions for resize An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T00:18:34.291055+00:00 GitLab Importer Affected by VCID-s69v-tc7x-37fe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2026-24708.yml 38.4.0
2026-04-12T01:42:52.793001+00:00 GitLab Importer Affected by VCID-s69v-tc7x-37fe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2026-24708.yml 38.3.0
2026-04-03T01:51:41.882814+00:00 GitLab Importer Affected by VCID-s69v-tc7x-37fe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2026-24708.yml 38.1.0