86 matches found
CVE-2026-0994 vulnerabilities
Vulnerabilities for packages: litellm, authentik-fips, kserve, py3-cassandra-medusa, authentik, airflow, label-studio, request-1276, mitmproxy, datadog-agent, apache-beam-python-3.11-sdk, localstack, text-generation-inference, py3-protobuf, py3-vllm-cuda-12.4, tensorflow-gpu-jupyter, open-webui,...
GHSA-7GCM-G887-7QV7 vulnerabilities
Vulnerabilities for packages: litellm, authentik-fips, kserve, py3-cassandra-medusa, authentik, airflow, label-studio, request-1276, mitmproxy, datadog-agent, apache-beam-python-3.11-sdk, localstack, text-generation-inference, py3-protobuf, py3-vllm-cuda-12.4, tensorflow-gpu-jupyter, open-webui,...
EUVD-2024-0033
Malicious code in bioql PyPI...
CVE-2024-40637
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
Malicious code in dbt-bytedhouse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ebd5ea76dc950b3bfb5104cd6cc0fd93024e297adad76ab02e0d5842c4777628 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10413 Malicious code in dbt-bytedhouse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ebd5ea76dc950b3bfb5104cd6cc0fd93024e297adad76ab02e0d5842c4777628 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in dbt-byteshouse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a28901c21fc8965eca406c72802ea54284404524f91641c843d1c95613eb59ad A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
GHSA-P3F3-5CCG-83XQ dbt has an implicit override for built-in materializations from installed packages
Impact What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...
dagster-dbt (>=0.19.3 <=0.20.4), dagster-ext (>=0.0.1a11 <=0.1.0) +8 more potentially affected by CVE-2024-40637 via dbt-core (>=1.6.0 <=1.6.13)
dbt-core PYPI version =1.6.0, =0.19.3, =0.0.1a11, =1.6.0b1, =0.1.0, =0.0.1, =1.6.0, =1.3.0, =1.6.0, =0.200.0.dev5, =0.200.0.dev14 Source cves: CVE-2024-40637 Source advisory: OSV:GHSA-P3F3-5CCG-83XQ...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:GHSA-P3F3-5CCG-83XQ...
dbt has an implicit override for built-in materializations from installed packages
Impact What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...
CVE-2024-40637
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
airflow-dbt-python (>=0.2.0 <=3.6.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +288 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)
dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.5.1, =0.6.2 and more Source cves: CVE-2024-40637 Source advisory: OSV:PYSEC-2024-66...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:PYSEC-2024-66...
PYSEC-2024-66
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...
airflow-dbt-python (>=0.2.0 <=3.6.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +288 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)
dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.5.1, =0.6.2 and more Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...