CVE-2026-41369

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

PYSEC-2024-66

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

PYSEC-2024-66

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

PT-2024-28956

Name of the Vulnerable Software and Affected Versions dbt versions prior to 1.6.14 dbt versions prior to 1.7.14 dbt versions prior to 1.8.0 Description The issue allows a malicious package to override core components of dbt with harmful code when installed. This is due to the design of dbt, which...