Package impact
PyPI / magic-wormhole
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42448 | low | 3.5 | 3.5 | 8d ago | Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed | |||
| CVE-2026-32116 | unknown | — | — | 3mo ago | Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite |