27 matches found
acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +48 more potentially affected by unknown CVE via dbt-common (>=1.0.0b2 <=1.33.0)
dbt-common PYPI version =1.0.0b2, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.8.0, =1.8.0, =1.8.0, =2.0.0rc1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...
CVE-2026-0994 vulnerabilities
Vulnerabilities for packages: duplicity, airflow, metaflow-service, dbt-core, py3-cassandra-medusa, opentelemetry-python-instrumentation, tritonserver-backend-vllm-cuda-12.9, nemo, pgadmin4, datadog-agent, kubeflow-katib, airflow-core, azure-functions-python-worker, kserve, semgrep, dbt-snowflake...
GHSA-7GCM-G887-7QV7 vulnerabilities
Vulnerabilities for packages: duplicity, airflow, metaflow-service, dbt-core, py3-cassandra-medusa, opentelemetry-python-instrumentation, tritonserver-backend-vllm-cuda-12.9, nemo, pgadmin4, datadog-agent, kubeflow-katib, airflow-core, azure-functions-python-worker, kserve, semgrep, dbt-snowflake...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:GHSA-P3F3-5CCG-83XQ...
dagster-dbt (>=0.19.3 <=0.20.4), dagster-ext (>=0.0.1a11 <=0.1.0) +8 more potentially affected by CVE-2024-40637 via dbt-core (>=1.6.0 <=1.6.13)
dbt-core PYPI version =1.6.0, =0.19.3, =0.0.1a11, =1.6.0b1, =0.1.0, =0.0.1, =1.6.0, =1.3.0, =1.6.0, =0.200.0.dev5, =0.200.0.dev14 Source cves: CVE-2024-40637 Source advisory: OSV:GHSA-P3F3-5CCG-83XQ...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:PYSEC-2024-66...
airflow-dbt-python (>=0.2.0 <=3.5.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +282 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)
dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.11.2 and more Source cves: CVE-2024-40637 Source advisory: OSV:PYSEC-2024-66...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...
airflow-dbt-python (>=0.2.0 <=3.5.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +282 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)
dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.11.2 and more Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') allowing an attacker to insta...
Binding To An Unrestricted IP Address
dbt-core is vulnerable to Binding to an Unrestricted IP Address. The vulnerability is due to the binding of INADDR_ANY or IN6ADDR_ANY to any network interface on the local system, not just localhost, which exposes the application on all network interfaces. An attacker can gain unauthorized access by...
airflow-dbt-python (>=0.2.0 <=3.5.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +282 more potentially affected by CVE-2024-36105 via dbt-core (>=0.14.0 <=1.6.14)
dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.11.2 and more Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...
dagster-dbt (>=0.21.7 <=0.21.12), dbt-docs-mcp (=0.0.1) +5 more potentially affected by CVE-2024-36105 via dbt-core (>=1.8.0 <=1.8.0rc2)
dbt-core PYPI version =1.8.0, =0.21.7, =0.5.3, =1.8.0b1, =1.12.1rc1, =1.14.0b6 Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-36105 via dbt-core (>=1.7.0 <=1.7.14)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...
CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the...
CVE-2024-36105
CVE-2024-36105 affects dbt-core prior to 1.6.15, 1.7.15, and 1.8.1. The issue arises when the docs server binds to INADDR_ANY or IN6ADDR_ANY (0.0.0.0/::) instead of localhost, exposing the HTTP server on all network interfaces. This can enable unauthorized access from other hosts on the same netw...
PT-2024-26893 · Dbt-Core · Dbt-Core
Name of the Vulnerable Software and Affected Versions: dbt-core versions prior to 1.6.15; dbt-core versions prior to 1.7.15; dbt-core versions prior to 1.8.1. Description: The issue arises from binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::), which exposes the application on all network interfaces,...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-postgres (>=1.7.0 <=1.7.12) +8 more potentially affected by unknown CVE via dbt-core (>=1.7.0 <=1.7.12)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: unknown CVE Source advisory: OSV:GHSA-P72Q-H37J-3HQ7...