7 matches found
CVE-2026-39382 dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
dbt-common 路径遍历漏洞
dbt-common is a publicly available tool library developed by dbt Labs as an open-source data building tool. Versions of dbt-common prior to 1.34.2 and 1.37.3 contained a path traversal vulnerability. This vulnerability stemmed from the safeextract function using os.path.commonprefix for path...
dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by CVE-2026-29790 via dbt-common (=1.36.0)
dbt-common PYPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: - dbt-databricks =1.11.1, =1.11.3 Source cves: CVE-2026-29790 Source advisory: OSV:GHSA-W75W-9QV4-J5XJ...
acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +48 more potentially affected by CVE-2026-29790 via dbt-common (>=0.1.6 <=1.33.0)
dbt-common PYPI version =0.1.6, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.8.0, =1.8.0, =1.8.0, =2.0.0rc1 and more Source cves: CVE-2026-29790 Source advisory: OSV:GHSA-W75W-9QV4-J5XJ...
PYSEC-2024-66
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
PT-2024-28956
Name of the Vulnerable Software and Affected Versions dbt versions prior to 1.6.14 dbt versions prior to 1.7.14 dbt versions prior to 1.8.0 Description The issue allows a malicious package to override core components of dbt with harmful code when installed. This is due to the design of dbt, which...
dagster-dbt (>=0.19.3 <=0.20.4), dagster-ext (>=0.0.1a11 <=0.1.0) +8 more potentially affected by unknown CVE via dbt-core (>=1.6.0 <=1.6.12)
dbt-core PYPI version =1.6.0, =0.19.3, =0.0.1a11, =1.6.0b1, =0.1.0, =0.0.1, =1.6.0, =1.3.0, =1.6.0, =0.200.0.dev5, =0.200.0.dev14 Source cves: unknown CVE Source advisory: OSV:GHSA-P72Q-H37J-3HQ7...