16 matches found
CLEANSTART-2026-JW92679 Security fixes for ghsa-8v2v-wjwg-vx6r applied in versions: 1.16.3-r0
Security vulnerability affects the qdrant package. This issue is resolved in later releases. See references for vulnerability details...
GHSA-J4XF-2G29-59PH vulnerabilities
Vulnerabilities for packages: cargo-c, pixi, rye, buck2, qdrant, rustup, sccache, zizmor, wasmcloud, deno, wasm-pack...
CVE-2026-25628
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0...
GHSA-F632-VM87-2M2F qdrant has arbitrary file write via `/logger` endpoint
Summary: It is possible to append to arbitrary files via the /logger endpoint. Minimal privileges are required (read-only access). Tested on Qdrant 1.15.5. Details: The POST /logger endpoint (source code link) accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...
qdrant has arbitrary file write via `/logger` endpoint
Summary: It is possible to append to arbitrary files via the /logger endpoint. Minimal privileges are required (read-only access). Tested on Qdrant 1.15.5. Details: The POST /logger endpoint (source code link) accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...
EUVD-2024-2207
Malicious code in bioql PyPI...
EUVD-2024-31684
Malicious code in bioql PyPI...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2023-38975
Buffer overflow vulnerability in qdrant v.1.3.2 allows a remote attacker to cause a denial of service via the chucnkedvectors.rs component...
CVE-2024-3829
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
CVE-2024-3584
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...
CVE-2024-2221
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the /collections/COLLECTION/snapshots/upload endpoint, specifically through the snapshot parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to...
qdrant input validation failure
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
Qdrant code issue vulnerability
Qdrant is a vector similarity search engine and vector database. A code issue vulnerability exists in Qdrant. An attacker exploiting this vulnerability could upload and overwrite any file on the file system...
PT-2024-4072 · Qdrant · Qdrant
Name of the Vulnerable Software and Affected Versions: qdrant/qdrant version 1.9.0-dev Description: The issue is related to improper input validation in the "/collections/name/snapshots/upload" endpoint, allowing for path traversal. By manipulating the name parameter through URL encoding, an...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...