EUVD-2024-54364

Malicious code in bioql PyPI...

EUVD-2024-54484

Malicious code in bioql PyPI...

CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 unless it’s set up behind a reverse proxy that establishes payload limits. It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the...

CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 unless it’s set up behind a reverse proxy that establishes payload limits. It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the...

CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 unless it’s set up behind a reverse proxy that establishes payload limits. It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the...

CVE-2024-47213

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted...

CVE-2024-47213

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted...

CVE-2024-47213

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted...

CVE-2024-47213

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted...

Snowbridge 安全漏洞

Snowbridge is an open source application from Snowplow. A security vulnerability exists in Snowbridge that stems from an invalid GTM SS preview header that could lead to infinite event retries...

CVE-2024-47213

CVE-2024-47213 affects Enrich 5.1.0 and earlier. A malformed Snowplow event sent to the pipeline triggers validation to fail, causing Enrich to crash and restart in a loop, leading to halted event processing. Connected sources corroborate the same description; no concrete exploit details or remed...

CVE-2024-56528

The CVE-2024-56528 entry affects Snowplow Collector 3.x prior to 3.3.0. The root cause is handling of oversized payloads, which can render the Collector unresponsive to other requests and cause data to be blocked or lost in the pipeline. Affected component: Snowplow Collector (3.x). The impact is...

CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 unless it’s set up behind a reverse proxy that establishes payload limits. It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the...

CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 unless it’s set up behind a reverse proxy that establishes payload limits. It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the...

PT-2025-14807 · Snowplow · Snowplow Collector

Name of the Vulnerable Software and Affected Versions: Snowplow Collector versions 3.x before 3.3.0 Description: The issue involves sending very large payloads to the Collector, which can render it unresponsive to other requests, potentially leading to data loss. Recommendations: For Snowplow...

Iglu Server 安全漏洞

Iglu Server is a RESTful schema registry open-sourced by Snowplow. A security vulnerability exists in Iglu Server version 0.13.0 and earlier, which stems from a malicious load that could cause the service to be unavailable...