CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

9 matches found

Snyk•added 2026/04/02 6:15 a.m.•4 views

Permissive Cross-domain Policy with Untrusted Domains

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via CORS misconfiguration in the FastAPI/Flask server components. An attacker can cause unauthorized cross-domain requests by...

5.3CVSS5.9AI score0.00162EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-1479

Malicious code in bioql PyPI...

8.1CVSS8.4AI score0.14956EPSS

Exploits0References4

RedhatCVE•added 2025/02/05 6:33 a.m.•6 views

CVE-2024-5565

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS7.9AI score0.14956EPSS

Exploits0References1

Veracode•added 2024/06/07 8:3 a.m.•12 views

Prompt Injection

Vanna is vulnerable to Prompt Injection. The vulnerability is due to improper input validation in the Vanna library's "ask" method, when allowing external input with "visualize" set to True, which allows a user to execute arbitrary python code...

8.1CVSS8.2AI score0.14956EPSS

Exploits0References2Affected Software1

OSV•added 2024/05/31 3:30 p.m.•14 views

GHSA-7735-W2JP-GVG6 Vanna prompt injection code execution

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

9.2CVSS8.6AI score0.14956EPSS

Exploits0References3

Github Security Blog•added 2024/05/31 3:30 p.m.•16 views

Vanna prompt injection code execution

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS7.7AI score0.14956EPSS

Exploits0References3Affected Software1

NVD•added 2024/05/31 3:15 p.m.•19 views

CVE-2024-5565

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8.6AI score0.14956EPSS

Exploits0References1

Cvelist•added 2024/05/31 2:24 p.m.•94 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8.6AI score0.14956EPSS

Exploits0References1

Vulnrichment•added 2024/05/31 2:24 p.m.•16 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8AI score0.14956EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by