Lucene search
K

4 matches found

OSV
OSV
added 2026/06/19 9:15 p.m.6 views

GHSA-JR33-MW75-7J8F dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens

Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens Summary The local OAuth helper FastAPI server bundled with dbt-mcp exposes the GET /dbtplatformcontext endpoint without any form of authentication or host-origin validation. After a user completes the OAuth login flow against dbt...

6.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 6:15 a.m.4 views

Permissive Cross-domain Policy with Untrusted Domains

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via CORS misconfiguration in the FastAPI/Flask server components. An attacker can cause unauthorized cross-domain requests by...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 4:45 a.m.11 views

CVE-2026-5321

CVE-2026-5321 affects vanna-ai up to 2.0.2, involving the FastAPI/Flask Server component. The issue allows remote manipulation that can trigger a permissive cross-domain policy with untrusted domains. An exploit has been published and may be used. The vendor was contacted but did not respond. No ...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29680

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

5.3CVSS5.5AI score0.00162EPSS
Exploits0References5
Rows per page
Query Builder