21 matches found
EUVD-2026-25203
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...
Google BigQuery 安全漏洞
Google BigQuery is a cloud data warehouse service provided by Google Inc., designed for large-scale data analysis and high-performance query processing. There is a security vulnerability in Google BigQuery. This vulnerability stems from the materialized view refresh mechanism, which generates err...
CVE-2026-4229
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
Vanna has a SQL injection in the remove_training_data function
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-4229
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
EUVD-2026-3124
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
CVE-2025-10702
Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...
EUVD-2025-6876
Malicious code in bioql PyPI...
CVE-2024-8999
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8999
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8999 Improper Access Control in lunary-ai/lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8999
Lunary (lunary-ai/lunary) v1.4.25 contains an improper access control vulnerability in POST /api/v1/data-warehouse/bigquery, allowing unauthenticated/export of the entire database to Google BigQuery. Root cause: insufficient access checks on the data-warehouse/bigquery endpoint. Impact is high (c...
CVE-2024-9095 Improper Authorization in lunary-ai/lunary
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret API keys. The route is protected by a...
CVE-2024-9095
CVE-2024-9095 affects lunary-ai/lunary v1.4.28. The exposed /bigquery API route allows any logged-in user to create a Datastream to Google BigQuery and export the entire database, including sensitive data such as password hashes and secret API keys. The route is guarded by a config flag (config.D...
Malicious code in google-bigquery-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4effea0e9c65fae925ae0caf8f8786d929e13689c9a04786fa4b264ee26b3689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3412 Malicious code in google-bigquery-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4effea0e9c65fae925ae0caf8f8786d929e13689c9a04786fa4b264ee26b3689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
On Becoming a Contributor to the HTTP Archive
The HTTP Archive is an open source project that tracks how the web is built. Twice a month it crawls 1.3 million web pages on desktop and emulated mobile devices, and collects technical information about each of the web pages. That information is then aggregated and made available in curated...