16 matches found
GHSA-4XGF-CPJX-PC3J vulnerabilities
Vulnerabilities for packages: airflow-core, lmcache-cuda-12.8, airflow, mcp-atlassian, prefect, vllm-cuda-13.2, tritonserver-backend-vllm-cuda-13.0, litellm...
CVE-2026-7724
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...
CVE-2026-7722
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
abm-colony-collection (>=0.1.0 <=0.5.0), abm-initialization-collection (>=0.1.0 <=0.7.0) +108 more potentially affected by CVE-2026-7725 via prefect (>=0.9.2 <=3.6.22)
prefect PYPI version =0.9.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.16.0, =0.0.126, =0.1.0, =1.0.4, =3.4.0, =0.4.0b0, =0.1.11, =0.1.0, =0.5.0 and more Source cves: CVE-2026-7725 Source advisory: OSV:GHSA-6RCX-55R6-JX65...
Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is...
ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7725 via prefect (>=3.0.0rc20 <=3.6.22)
prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7725 Source advisory: SNYK:PYTHON-PREFECT-16406537...
ai-24sea (>=0.1.0 <=1.1.1), askap-flint (>=0.6.1 <=0.8.0) +29 more potentially affected by CVE-2026-7723 via prefect (>=3.0.0rc20 <=3.6.13)
prefect PYPI version =3.0.0rc20, =0.1.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =0.0.2, =0.0.14 and more Source cves: CVE-2026-7723 Source advisory: SNYK:PYTHON-PREFECT-16379909...
ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7724 via prefect (>=3.0.0rc20 <=3.6.22)
prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7724 Source advisory: SNYK:PYTHON-PREFECT-16383760...
abm-colony-collection (>=0.1.0 <=0.5.0), abm-initialization-collection (>=0.1.0 <=0.7.0) +106 more potentially affected by CVE-2026-7723 via prefect (>=0.9.2 <=3.6.13)
prefect PYPI version =0.9.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.126, =0.1.0, =1.0.4, =3.4.0, =0.4.0b0, =0.1.11, =0.1.0, =1.0.17, =6.0.0, =11.3.0 and more Source cves: CVE-2026-7723 Source advisory: OSV:GHSA-HVPH-5985-R63V...
GHSA-P3PQ-HXMR-VQQR Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...
abm-colony-collection (>=0.1.0 <=0.5.0), abm-initialization-collection (>=0.1.0 <=0.7.0) +108 more potentially affected by CVE-2026-7724 via prefect (>=0.9.2 <=3.6.22)
prefect PYPI version =0.9.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.16.0, =0.0.126, =0.1.0, =1.0.4, =3.4.0, =0.4.0b0, =0.1.11, =0.1.0, =0.5.0 and more Source cves: CVE-2026-7724 Source advisory: OSV:GHSA-P3PQ-HXMR-VQQR...
CVE-2026-7724
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...
PT-2026-36755
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It i...
Origin Validation Error
Overview: prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Origin...
aporacle (>=0.0.126 <=0.0.143), archimedes-flow-utils (>=1.0.4 <=1.1.8) +31 more potentially affected by CVE-2024-8183 via prefect (>=0.9.2 <=2.19.4)
prefect PYPI version =0.9.2, =0.0.126, =1.0.4, =3.4.0, =0.1.11, =0.1.0, =1.0.17, =0.1.0, =1.0.0, =2.3.9, =5.2.3, =2.37.0, =0.2.0, =0.4.0, =0.1.0, =0.1.2 and more Source cves: CVE-2024-8183 Source advisory: OSV:GHSA-4V9F-R55G-G6HC...
aporacle (>=0.0.126 <=0.0.143), enrichsdk (>=5.2.3 <=5.2.4) +11 more potentially affected by CVE-2023-6022 via prefect (>=2.0.0b16 <=2.16.3)
prefect PYPI version =2.0.0b16, =0.0.126, =5.2.3, =2.37.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =0.0.217, =0.15.3, =0.6.5, =0.1.1, =0.1.0a0, =0.7.0, =0.9.0 Source cves: CVE-2023-6022 Source advisory: OSV:GHSA-4HH5-2678-83FX...