
8 matches found

EUVD
added 2026/05/07 1:15 p.m., 5 views

EUVD-2026-28368

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3 CVSS, 6 AI score, 0.00059 EPSS
Exploits 0, References 2

CNNVD
added 2026/05/07 12:0 a.m., 4 views

Dagster SQL injection vulnerability

Dagster is an open-source orchestration platform developed by Dagster for developing, producing, and monitoring data assets. Versions of Dagster prior to 1.13.1 and Dagster libraries prior to 0.29.1 have a SQL injection vulnerability. This vulnerability arises from the fact that DuckDB, Snowflake...

8.3 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits 0, References 1

Chainguard
added 2026/05/06 7:17 p.m., 8 views

CVE-2026-41490 vulnerabilities

Vulnerabilities for packages: dagster, dagster-fips...

8.3 CVSS, 5.4 AI score, 0.00059 EPSS
Exploits 0

Chainguard
added 2026/05/06 7:17 p.m., 8 views

CVE-2026-41205 vulnerabilities

Vulnerabilities for packages: dagster, airflow-core, nemo, open-webui, jupyter-base-notebook, airflow, pgadmin4-fips, mlflow, prefect-fips, dagster-fips, superset...

8.7 CVSS, 5.4 AI score, 0.00093 EPSS
Exploits 0

Snyk
added 2026/04/18 1:7 a.m., 5 views

SQL Injection

Overview: dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute...

8.7 CVSS, 6.1 AI score, 0.00059 EPSS
Exploits 0, References 2

Snyk
added 2025/07/22 5:43 p.m., 2 views

Directory Traversal

Overview: dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to Directory Traversal via the getnotebookdata function in the grpc/impl.py file, which checks path validation only if the...

8.7 CVSS, 7.7 AI score, 0.00126 EPSS
Exploits 1, References 2

Snyk
added 2025/07/07 3:30 p.m., 4 views

Directory Traversal

Overview: dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to Directory Traversal via the /logs endpoint. An attacker can access sensitive files by sending specially crafted requests...

8.6 CVSS, 7.6 AI score, 0.02237 EPSS
Exploits 0, References 2

OSV
added 2025/07/07 3:30 p.m., 2 views

GHSA-Q93C-P2MW-P23F Dagster vulnerable to Path Traversal attack through its /logs endpoint

Directory Traversal vulnerability in dagster-webserver Dagster through 1.5.10 allows remote attackers to obtain sensitive information via a crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...

7.7 CVSS, 5.9 AI score, 0.02237 EPSS
Exploits 0, References 4