airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2025-65995 via apache-airflow (>=3.0.0rc3 <=3.1.5)

apache-airflow PYPI version =3.0.0rc3, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2025-65995 Source advisory: OSV:GHSA-GFW7-2V73-69WG...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +20 more potentially affected by CVE-2025-66388 via apache-airflow-task-sdk (>=1.0.0rc4 <=1.1.4)

apache-airflow-task-sdk PYPI version =1.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-66388 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-14459396...

EUVD-2024-21221

Malicious code in bioql PyPI...

EUVD-2025-12372

Malicious code in bioql PyPI...

CVE-2025-2298

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to...

CVE-2025-2298

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to...

CVE-2025-2298 Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to...

CVE-2025-2298 Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to...

CVE-2025-2298

CVE-2025-2298 is an improper authorization vulnerability in Dremio Software where authenticated users can delete arbitrary files across local and remote locations due to insufficient API endpoint access controls. Impact includes potential data loss and DoS, with possible escalation depending on d...

Dremio 安全漏洞

Dremio is a data-as-a-service platform from Dremio, Inc. that provides a fast, self-service approach to data analysis. A security vulnerability exists in Dremio that stems from insufficient API endpoint access control and could lead to the deletion of arbitrary files by authenticated users...

PT-2025-17445 · Dremio · Dremio

Name of the Vulnerable Software and Affected Versions: Dremio versions prior to 24.0.0 Dremio versions 24.3.0 through 24.3.16 Dremio versions 25.0.0 through 25.0.14 Dremio versions 25.1.0 through 25.1.7 Dremio versions 25.2.0 through 25.2.4 Description: An improper authorization issue in Dremio...

CVE-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

BIT-DREMIO-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-36105 via dbt-core (>=1.7.0 <=1.7.14)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...

CVE-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

CVE-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

Path traversal

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

CVE-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

CVE-2024-23768

CVE-2024-23768 (Dremio) : Dremio before 24.3.1 suffers a path traversal flaw where an authenticated user with no privileges on certain folders plus access to the source and at least one folder can access restricted folders, files, and datasets. Affected versions are 24.0.0–24.3.0, 23.0.0–23.2.3, ...

Dremio Security Breach

Dremio is a data-as-a-service platform from Dremio, Inc. that provides a fast, self-service approach to data analysis. A security vulnerability exists in Dremio versions prior to 24.3.1, which stems from allowing path traversal, where authenticated users who do not have permissions to certain...