pkg:PyPI/magic-wormhole

2 total CVEsLOW1

✅ Check your installed version

All known vulnerabilities

  • LOW3.5CVE-2026-42448Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
    >= 0.23.0, < 0.24.0
  • CVE-2026-32116Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
    >= 0.21.0, < 0.23.0
PyPI/magic-wormhole — 2 CVEs · VulnScope