111 matches found
PYSEC-2026-509 qdrant input validation failure
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
MAL-2026-6034 Malicious code in @mastra/qdrant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d56b9276df2c5f66da957d7e30e4ed702cba5053f80e1a9f715b016b2e66a043 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/qdrant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d56b9276df2c5f66da957d7e30e4ed702cba5053f80e1a9f715b016b2e66a043 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
CVE-2026-11479
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
EUVD-2026-35010
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-11479
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-11479
CVE-2026-11479 affects yoanbernabeu grepai 0.35.0, specifically the Qdrant Backend component’s file indexer/chunker.go. The issue involves manipulation that leads to use of a weak hash, enabling a remote attack. Exploitation is described as difficult, with network attack vector and low privileges...
CVE-2026-11479 yoanbernabeu grepai Qdrant Backend chunker.go weak hash
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
CVE-2026-11479 yoanbernabeu grepai Qdrant Backend chunker.go weak hash
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
PT-2026-47241
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...
grepai 加密问题漏洞
grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of files in the Qdrant backend component’s file indexer/chunker.go file, which may lead to the use of wea...
CLEANSTART-2026-JW92679 Security fixes for ghsa-8v2v-wjwg-vx6r applied in versions: 1.16.3-r0
Security vulnerability affects the qdrant package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-RG93397 Security fixes for ghsa-8v2v-wjwg-vx6r applied in versions: 1.16.3-r0
Security vulnerability affects the qdrant package. This issue is resolved in later releases. See references for vulnerability details...
AnythingLLM - Information Disclosure
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
CLEANSTART-2026-EM40436 Security fixes for ghsa-8v2v-wjwg-vx6r applied in versions: 1.16.3-r0
Security vulnerability affects the qdrant package. This issue is resolved in later releases. See references for vulnerability details...
CVE-2026-33055 vulnerabilities
Vulnerabilities for packages: cargo-c, rye, pixi, zizmor, buck2, wasm-pack, deno, wasmcloud, qdrant, rustup, sccache...
CVE-2026-33056 vulnerabilities
Vulnerabilities for packages: cargo-c, rye, pixi, zizmor, buck2, wasm-pack, deno, wasmcloud, qdrant, rustup, sccache...
GHSA-GCHP-Q4R4-X4FF vulnerabilities
Vulnerabilities for packages: cargo-c, rye, pixi, zizmor, buck2, wasm-pack, deno, wasmcloud, qdrant, rustup, sccache...
GHSA-J4XF-2G29-59PH vulnerabilities
Vulnerabilities for packages: cargo-c, rye, pixi, zizmor, buck2, wasm-pack, deno, wasmcloud, qdrant, rustup, sccache...
CVE-2026-32829 vulnerabilities
Vulnerabilities for packages: qdrant, vector, py3-xet-core, garage, parseable...