CVE-2026-32247
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Summary: Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In...
GHSA-GG5M-55JJ-8M5G Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Summary: Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In...
Graphiti Security Vulnerability
Graphiti is a framework developed by Zep for building temporal context graphs for AI agents. Versions of Graphiti prior to 0.28.2 contained security vulnerabilities. These vulnerabilities stemmed from Cypher injections in the shared search filter construction that occurs outside of the Kuzu...
aether-observer (>=0.1.0 <=0.1.1), agloom (>=0.1.65 <=0.1.91) +83 more potentially affected by unknown CVE via kuzu (>=0.0.11 <=0.7.1)
kuzu PYPI version =0.0.11, =0.1.0, =0.1.65, =0.1.0, =0.3.0, =0.1.0, =4.3.12, =0.1.0, =0.2.0, =0.1.11, =0.1.1, =0.2.1, =0.1.3, =1.0.2, =1.0.3 - cognee-community-graph-adapter-spanner =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-KUZU-12179282...
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition in their random number generation routines in randomengine.cpp file. The vulnerable functions were the unsynchronised random engine methods, now mitigated by proper mutex locking. Remediation: Upgrade...
Race Condition
Overview: kuzu is an in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Race Condition in their random number generation routines in randomengine.cpp file. The vulnerable functions were the unsynchronis...
Insertion of Sensitive Information into Log File
Overview: kuzu is an in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in...
aether-observer (>=0.1.0 <=0.1.1), agloom (>=0.1.65 <=0.1.91) +83 more potentially affected by unknown CVE via kuzu (>=0.0.11 <=0.7.1)
kuzu PYPI version =0.0.11, =0.1.0, =0.1.65, =0.1.0, =0.3.0, =0.1.0, =4.3.12, =0.1.0, =0.2.0, =0.1.11, =0.1.1, =0.2.1, =0.1.3, =1.0.2, =1.0.3 - cognee-community-graph-adapter-spanner =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-KUZU-11502183...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in shell history. Remediation: Upgrade com.kuzudb:kuzu to version 0.8.2 or higher. References: GitHub Commit ...