106 matches found
Improper Certificate Validation
Overview: apache-airflow-providers-databricks is a Provider package for Apache Airflow. Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of certificate validation in the K8s Token Exchange. An attacker can...
EUVD-2026-17219
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
GHSA-WRPJ-755P-X363 Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
CVE-2026-32794
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
CVE-2026-32794
CVE-2026-32794: Improper Certificate Validation in Apache Airflow Provider for Databricks (affected: Apache Airflow Provider for Databricks 1.10.0 – 1.11.x; fixed in 1.12.0). Root cause: provider code does not validate TLS certificates when connecting to the Databricks back-end, enabling a man-in...
CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
CVE-2026-32794
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
PT-2026-29132
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...
azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +30 more potentially affected by CVE-2025-15381 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)
mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =0.2.0, =0.2.1 and more Source cves: CVE-2025-15381 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15870197...
Malicious code in databricks-clean-room-orchestrator (PyPI)
Source: kam193 (fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-2146 Malicious code in databricks-clean-room-orchestrator (PyPI)
Source: kam193 (fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by CVE-2026-29790 via dbt-common (=1.36.0)
dbt-common PyPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: dbt-databricks >=1.11.1, <=1.11.3. Source CVEs: CVE-2026-29790. Source advisory: SNYK:PYTHON-DBTCOMMON-15440507...
dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by unknown CVE via dbt-common (=1.36.0)
dbt-common PyPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: dbt-databricks >=1.11.1, <=1.11.3. Source CVEs: unknown CVE. Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...
dbt-databricks (>=1.11.1 <=1.11.3) potentially affected by CVE-2026-29790 via dbt-common (=1.36.0)
dbt-common PyPI version =1.36.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbt-common and may be impacted: dbt-databricks >=1.11.1, <=1.11.3. Source CVEs: CVE-2026-29790. Source advisory: OSV:GHSA-W75W-9QV4-J5XJ...
acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +49 more potentially affected by unknown CVE via dbt-common (>=1.0.0b2 <=1.33.0)
dbt-common PYPI version =1.0.0b2, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.5.2, =1.8.0, =1.8.0, =1.8.15 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...
EUVD-2025-198949
Malicious code in @posthog/databricks-plugin npm...
Malicious code in @posthog/databricks-plugin (npm)
Source: amazon-inspector (e391efe36d6c40d46f8c9abbf9d68a3b7b73a56319db5a85a486fedfe90cb394). The package @posthog/databricks-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190876 Malicious code in @posthog/databricks-plugin (npm)
Source: amazon-inspector (e391efe36d6c40d46f8c9abbf9d68a3b7b73a56319db5a85a486fedfe90cb394). The package @posthog/databricks-plugin was found to contain malicious code. Source: google-open-source-security...