CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/03/24 10:21 p.m.•3 views

Malicious code in databricks-clean-room-orchestrator (PyPI)

6AI score

vulnersOsv•added 2026/03/06 10:54 p.m.•2 views

dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by CVE-2026-29790 via dbt-common (=1.36.0)

dbt-common PYPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: - dbt-databricks =1.11.1, =1.11.3 Source cves: CVE-2026-29790 Source advisory: SNYK:PYTHON-DBTCOMMON-15440507...

5.3CVSS5.8AI score0.00097EPSS

vulnersOsv•added 2026/03/05 12:59 a.m.•1 views

dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by unknown CVE via dbt-common (=1.36.0)

dbt-common PYPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: - dbt-databricks =1.11.1, =1.11.3 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...

5.8AI score

vulnersOsv•added 2026/03/05 12:59 a.m.•0 views

dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by CVE-2026-29790 via dbt-common (=1.36.0)

5.3CVSS5.8AI score0.00097EPSS

vulnersOsv•added 2026/03/05 12:59 a.m.•2 views

acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +48 more potentially affected by unknown CVE via dbt-common (>=1.0.0b2 <=1.33.0)

dbt-common PYPI version =1.0.0b2, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.8.0, =1.8.0, =1.8.0, =2.0.0rc1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...

5.8AI score

OSV•added 2025/11/24 4:31 p.m.•1 views

MAL-2025-190876 Malicious code in @posthog/databricks-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e391efe36d6c40d46f8c9abbf9d68a3b7b73a56319db5a85a486fedfe90cb394 The package @posthog/databricks-plugin was found to contain malicious code. Source: google-open-source-security...

6.8AI score

EUVD•added 2025/11/24 4:31 p.m.•1 views

EUVD-2025-198949

Malicious code in @posthog/databricks-plugin npm...

6.6AI score

OSSF Malicious Packages•added 2025/11/24 4:31 p.m.•4 views

Malicious code in @posthog/databricks-plugin (npm)

6.9AI score

RedhatCVE•added 2025/11/17 7:59 p.m.•4 views

CVE-2025-41116

When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is...

2.1CVSS6.8AI score0.0006EPSS

NVD•added 2025/11/11 9:15 p.m.•3 views

CVE-2025-41116

2.1CVSS0.0006EPSS

CVE•added 2025/11/11 8:18 p.m.•9 views

CVE-2025-41116

CVE-2025-41116 affects Grafana Databricks Datasource Plugin. When Oauth passthrough is enabled and multiple users share a single Grafana instance/datasource, the wrong user identifier can be used, potentially returning data the viewer is not authorized to see. Affected versions: 1.6.0 up to, but ...

2.1CVSS6.3AI score0.0006EPSS

Cvelist•added 2025/11/11 8:18 p.m.•6 views

CVE-2025-41116 Incorrect oauth passthrough in Grafana Databricks Datasource

2.1CVSS0.0006EPSS

Vulnrichment•added 2025/11/11 8:18 p.m.•2 views

CVE-2025-41116 Incorrect oauth passthrough in Grafana Snowflake Datasource

2.1CVSS6.4AI score0.0006EPSS

Positive Technologies•added 2025/11/11 12:0 a.m.•3 views

PT-2025-46532

Name of the Vulnerable Software and Affected Versions Grafana Databricks Datasource Plugin versions 1.12.1 through 1.12.0 Description The Grafana Databricks Datasource Plugin has an issue where, with Oauth passthrough enabled, multiple users sharing a single Grafana instance and datasource may...

2.1CVSS6.4AI score0.0006EPSS

Grafana•added 2025/11/11 12:0 a.m.•4 views

CVE-2025-41116

Grafana is an open-source platform for monitoring and observability. The Grafana-Databricks-Datasource is a plugin allowing Grafana to visualize data from Databricks Enterprise Versions between 1.6.0 and 1.12.0 are vulnerable to a bug when Oauth passthrough is enabled, and multiple users are usin...

2.1CVSS5.8AI score0.0006EPSS

CNNVD•added 2025/11/11 12:0 a.m.•4 views

Grafana Databricks Datasource Plugin 安全漏洞

Grafana Databricks Datasource Plugin is an open source datasource connection plugin for Grafana. A security vulnerability exists in Grafana Databricks Datasource Plugin version 1.12.1 through versions prior to 1.12.0, which stems from the incorrect use of user identifiers when Oauth passthrough i...

2.1CVSS6.4AI score0.0006EPSS

vulnersOsv•added 2025/10/15 9:30 a.m.•3 views

ai.catboost:catboost-spark_3.5_2.13 (>=1.2.3 <=1.2.10), ch.cern.sparkmeasure:spark-measure_2.13 (=0.24) +133 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.5.0 <=3.5.1)

org.apache.spark:spark-network-common2.13 MAVEN version =3.5.0, =1.2.3, =4.43.0, =3.5.0, =3.5.00.20.1, =3.5.0, =2.0.4, =2.1.6-spark-3.5.1, =2.1.6-spark-3.5.1, =1.1.1, =1.1.3 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...

6.5CVSS7.1AI score0.00099EPSS

vulnersOsv•added 2025/10/15 7:46 a.m.•5 views

6.5CVSS7.1AI score0.00099EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-25589

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00697EPSS