CVE-2026-41490

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

EUVD-2026-28368

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

Summary The DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

arrow (>=0.14.0 <=4.4.0), arrow-flight (>=2.0.0 <=4.4.0) +73 more potentially affected by unknown CVE via flatbuffers (>=0.4.0 <=22.12.6)

flatbuffers CARGO version =0.4.0, =0.14.0, =2.0.0, =1.0.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.17.0, =0.1.1, =0.1.0, =0.1.0, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3JCH-9QGP-4844...