{"id":2695098,"name":"diffoscope","ecosystem":"pypi","description":"in-depth comparison of files, archives, and directories","homepage":"https://diffoscope.org/","licenses":"GPL-3+","normalized_licenses":["GPL-3.0+"],"repository_url":null,"keywords_array":[],"namespace":null,"versions_count":272,"first_release_published_at":"2015-11-12T14:26:57.000Z","latest_release_published_at":"2026-06-26T15:59:25.000Z","latest_release_number":"322","last_synced_at":"2026-06-27T10:44:57.538Z","created_at":"2022-04-10T10:36:20.316Z","updated_at":"2026-06-27T14:36:42.760Z","registry_url":"https://pypi.org/project/diffoscope/","install_command":"pip install diffoscope --index-url https://pypi.org/simple","documentation_url":"https://diffoscope.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)","Operating System :: POSIX","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Topic :: Utilities"],"normalized_name":"diffoscope","project_status":null},"repo_metadata":{},"repo_metadata_updated_at":"2026-06-27T14:36:42.732Z","dependent_packages_count":2,"downloads":8000,"downloads_period":"last-month","dependent_repos_count":25,"rankings":{"downloads":3.593477283293827,"dependent_repos_count":2.8983490561542027,"dependent_packages_count":3.157820486179293,"stargazers_count":null,"forks_count":null,"docker_downloads_count":1.2280588096308773,"average":2.71942640881455},"purl":"pkg:pypi/diffoscope","advisories":[{"uuid":"GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-","url":"https://github.com/advisories/GHSA-33w6-hvmq-gh4x","title":"diffoscope Path Traversal vulnerability","description":"diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-27T03:31:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2024-25711","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47","https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e","https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361","https://github.com/pypa/advisory-database/tree/main/vulns/diffoscope/PYSEC-2024-41.yaml","https://github.com/advisories/GHSA-33w6-hvmq-gh4x"],"source_kind":"github","identifiers":["GHSA-33w6-hvmq-gh4x","CVE-2024-25711"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-02-27T22:04:48.232Z","updated_at":"2026-06-23T16:07:38.304Z","epss_percentage":0.00979,"epss_percentile":0.57598,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-","packages":[{"ecosystem":"pypi","package_name":"diffoscope","versions":[{"first_patched_version":"256","vulnerable_version_range":"\u003e= 0, \u003c 256"}],"purl":"pkg:pypi/diffoscope"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNWMtZjMyOC05ZnZ2","url":"https://github.com/advisories/GHSA-8p5c-f328-9fvv","title":"Diffoscope may write to arbitrary locations due to an untrusted archive","description":"diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2018-07-13T16:01:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-0359","https://security-tracker.debian.org/tracker/CVE-2017-0359","https://github.com/anthraxx/diffoscope/commit/632a40828a54b399787c25e7fa243f732aef7e05","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723","https://github.com/anthraxx/diffoscope/commit/f379d1f611dbd5d361e12b732e07c8aee45ff226","https://bugs.debian.org/854723","https://github.com/advisories/GHSA-8p5c-f328-9fvv","https://github.com/pypa/advisory-database/tree/main/vulns/diffoscope/PYSEC-2018-83.yaml"],"source_kind":"github","identifiers":["GHSA-8p5c-f328-9fvv","CVE-2017-0359"],"repository_url":"https://github.com/anthraxx/diffoscope","blast_radius":13.000842080649951,"created_at":"2022-12-21T16:12:32.769Z","updated_at":"2026-06-24T09:09:16.139Z","epss_percentage":0.01893,"epss_percentile":0.769,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNWMtZjMyOC05ZnZ2","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNWMtZjMyOC05ZnZ2","packages":[{"ecosystem":"pypi","package_name":"diffoscope","versions":[{"first_patched_version":"76","vulnerable_version_range":"\u003c 76"}],"purl":"pkg:pypi/diffoscope"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNWMtZjMyOC05ZnZ2/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/diffoscope","docker_dependents_count":2,"docker_downloads_count":30903,"usage_url":"https://repos.ecosyste.ms/usage/pypi/diffoscope","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/diffoscope/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/diffoscope/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/diffoscope/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/diffoscope/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/diffoscope/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/diffoscope/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/diffoscope/codemeta","maintainers":[{"uuid":"h01ger","login":"h01ger","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/h01ger/","role":null,"created_at":"2022-12-30T06:39:14.319Z","updated_at":"2022-12-30T06:39:14.319Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/h01ger/packages"},{"uuid":"mapreri","login":"mapreri","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/mapreri/","role":null,"created_at":"2022-12-30T06:39:14.340Z","updated_at":"2022-12-30T06:39:14.340Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/mapreri/packages"},{"uuid":"reinerh","login":"reinerh","name":null,"email":null,"url":null,"packages_count":1,"html_url":"https://pypi.org/user/reinerh/","role":null,"created_at":"2022-12-30T06:39:14.347Z","updated_at":"2022-12-30T06:39:14.347Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/reinerh/packages"}]}