VulnerableCode Package Details - pkg:pypi/diffoscope@76

Search for packages

Vulnerability	Summary	Fixed by
VCID-881t-fv6t-ybaw Aliases: CVE-2017-0359 GHSA-8p5c-f328-9fvv PYSEC-2018-83	diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.	77 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-c5n9-pffj-dqaj Aliases: CVE-2024-25711 GHSA-33w6-hvmq-gh4x PYSEC-2024-41	diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.	256 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-881t-fv6t-ybaw
Aliases:
CVE-2017-0359
GHSA-8p5c-f328-9fvv
PYSEC-2018-83

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

77
Affected by 1 other vulnerability.

VCID-c5n9-pffj-dqaj
Aliases:
CVE-2024-25711
GHSA-33w6-hvmq-gh4x
PYSEC-2024-41

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

256
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-881t-fv6t-ybaw	diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.	CVE-2017-0359 GHSA-8p5c-f328-9fvv PYSEC-2018-83

Vulnerability

Summary

Aliases

VCID-881t-fv6t-ybaw

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

CVE-2017-0359
GHSA-8p5c-f328-9fvv
PYSEC-2018-83

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:41:58.858187+00:00	GitLab Importer	Affected by	VCID-c5n9-pffj-dqaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/diffoscope/CVE-2024-25711.yml	38.6.0
2026-06-05T17:03:40.035178+00:00	PyPI Importer	Affected by	VCID-c5n9-pffj-dqaj	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T16:55:03.698280+00:00	PyPI Importer	Affected by	VCID-881t-fv6t-ybaw	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T16:17:34.138195+00:00	GHSA Importer	Fixing	VCID-881t-fv6t-ybaw	https://github.com/advisories/GHSA-8p5c-f328-9fvv	38.6.0
2026-06-04T17:40:46.090953+00:00	GithubOSV Importer	Fixing	VCID-881t-fv6t-ybaw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-8p5c-f328-9fvv/GHSA-8p5c-f328-9fvv.json	38.6.0
2026-06-02T04:38:01.884071+00:00	GitLab Importer	Fixing	VCID-881t-fv6t-ybaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/diffoscope/CVE-2017-0359.yml	38.6.0
2026-06-02T04:21:01.450358+00:00	Pypa Importer	Affected by	VCID-c5n9-pffj-dqaj	https://github.com/pypa/advisory-database/blob/main/vulns/diffoscope/PYSEC-2024-41.yaml	38.6.0
2026-06-02T04:05:06.726401+00:00	Pypa Importer	Affected by	VCID-881t-fv6t-ybaw	https://github.com/pypa/advisory-database/blob/main/vulns/diffoscope/PYSEC-2018-83.yaml	38.6.0