Malicious Package

Overview linear-airbyte-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2024-37279

Malicious code in bioql PyPI...

Malicious Package

Overview airbyte-webapp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in airbyte-webapp (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cb9621dfdc8c213cde4d731ad33b75a36cc9298649d12d5ed1669fb3d401f1c Any computer that has this package installed or running should be considered...

MAL-2025-47843 Malicious code in airbyte-webapp (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cb9621dfdc8c213cde4d731ad33b75a36cc9298649d12d5ed1669fb3d401f1c Any computer that has this package installed or running should be considered...

broad-dagster-utils (=2.0.0a7), dagit (>=0.5.1 <=1.10.15) +71 more potentially affected by CVE-2025-51481 via dagster (>=0.1.1 <=1.10.15)

dagster PYPI version =0.1.1, =0.5.1, =0.16.0, =0.5.4, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =1.0.0, =1.10.0, =1.0.0, =0.16.0, =0.26.15 and more Source cves: CVE-2025-51481 Source advisory: OSV:GHSA-H7X8-JV97-FVVM...

broad-dagster-utils (=2.0.0a7), dagit (>=1.0.0 <=1.10.15) +67 more potentially affected by CVE-2025-51481 via dagster (>=1.0.0 <=1.10.15)

dagster PYPI version =1.0.0, =1.0.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =0.16.0, =1.0.0, =1.10.0, =1.0.0, =0.16.0, =0.16.0, =0.26.15 and more Source cves: CVE-2025-51481 Source advisory: SNYK:PYTHON-DAGSTER-10877952...

CVE-2024-38363

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

01os (>=0.0.5 <=0.0.13), airbyte-source-azure-blob-storage (>=0.3.3 <=0.6.12) +57 more potentially affected by CVE-2024-46455 via unstructured (>=0.10.10 <=0.14.2)

unstructured PYPI version =0.10.10, =0.0.5, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.0, =4.5.1, =1.0.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.1.0 and more Source cves: CVE-2024-46455 Source advisory: SNYK:PYTHON-UNSTRUCTURED-8492724...

MAL-2024-8931 Malicious code in linear-airbyte-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f2f93219b987eadd13a3db8af0914e4ccc9ea3d3fbf6f571e156e5e5861d25c6 The OpenSSF Package Analysis project identified 'linear-airbyte-source' @ 9.9.10 npm as malicious. It is considered malicious because: - The...

Malicious code in linear-airbyte-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f2f93219b987eadd13a3db8af0914e4ccc9ea3d3fbf6f571e156e5e5861d25c6 The OpenSSF Package Analysis project identified 'linear-airbyte-source' @ 9.9.10 npm as malicious. It is considered malicious because: - The...

Server-Side Template Injection

airbyte is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of user input in the connection builder, allowing attackers to execute arbitrary code on the server...

CVE-2024-38363

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

CVE-2024-38363

Airbyte’s CVE-2024-38363 affects the Airbyte connection builder docker image, where server-side template injection (SSTI) enables authenticated remote code execution as the web server user. The connection builder is used to create/test new connectors, and exploitation could lead to exposure of se...

Airbyte Security Breach

Airbyte is an ETL/ELT data pipeline data integration platform from Airbyte Open Source. A security vulnerability exists in Airbyte versions prior to v0.62.2 that stems from the presence of a remote code execution vulnerability that allows an authenticated, remote attacker to execute arbitrary cod...

PT-2024-27960 · Airbyte · Airbyte

Name of the Vulnerable Software and Affected Versions: Airbyte versions prior to 0.62.2 Description: The Airbyte connection builder docker image is vulnerable to remote code execution RCE via server-side template injection SSTI, allowing an authenticated remote attacker to execute arbitrary code ...