12597 matches found
com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4), com.datasqrl:sqrl-planner (>=0.9.0 <=0.10.4) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (=2.2.0)
org.apache.flink:flink-table-planner2.12 MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-planner2.12 and may be impacted: - com.datasqrl:sqrl-discovery =0.9.0, =0.9.0, =0.9.0, =0.2.0, =0.2.0, =0.2.0,...
cn.ibizlab.plugin:ibiz-dataflow-flink (>=8.1.0.371 <=8.1.0.567.22), cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7) +348 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=1.15.0 <=1.20.3)
org.apache.flink:flink-table-api-java MAVEN version =1.15.0, =8.1.0.371, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =1.0.2, =0.5.0, =0.5.0, =1.4.0, =1.5.6.2 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
cn.ibizlab.plugin:ibiz-dataflow-flink (>=8.1.0.371 <=8.1.0.567.22), cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7) +348 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=1.15.0 <=1.20.3)
org.apache.flink:flink-table-api-java MAVEN version =1.15.0, =8.1.0.371, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =1.0.2, =0.5.0, =0.5.0, =1.4.0, =1.5.6.2 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799798...
com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799798...
com.couchbase.client.flink-connector-couchbase_2.12:flink-connector-couchbase_2.12 (=0.5.0), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0-alpha1 <=0.9.0-alpha2) +29 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.1.0 <=2.1.1)
org.apache.flink:flink-table-api-java MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =0.2.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory:...
com.datasqrl.flinkrunner:datagen-connectors (=0.10.1), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0 <=0.10.1) +75 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (=2.2.0)
org.apache.flink:flink-table-api-java MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-api-java and may be impacted: - com.datasqrl.flinkrunner:datagen-connectors =0.10.1 -...
cn.ibizlab.plugin:ibiz-dataflow-flink (>=8.1.0.371 <=8.1.0.567.22), cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7) +184 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=1.15.0 <=1.20.3)
org.apache.flink:flink-table-runtime MAVEN version =1.15.0, =8.1.0.371, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =0.5.0, =0.5.0, =1.4.0, =1.4.0, =1.4.0, =1.0, =1.0.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
cn.ibizlab.plugin:ibiz-dataflow-flink (>=8.1.0.371 <=8.1.0.567.22), cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7) +184 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=1.15.0 <=1.20.3)
org.apache.flink:flink-table-runtime MAVEN version =1.15.0, =8.1.0.371, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =0.5.0, =0.5.0, =1.4.0, =1.4.0, =1.4.0, =1.0, =1.0.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...
org.apache.doris:flink-doris-connector-2.0 (>=26.0.0 <=26.1.1), org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-runtime MAVEN version =2.0.0, =26.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
com.datasqrl.flinkrunner:stdlib-json (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2) +14 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.1.0 <=2.1.1)
org.apache.flink:flink-table-runtime MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
com.datasqrl.flinkrunner:stdlib-json (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2) +14 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.1.0 <=2.1.1)
org.apache.flink:flink-table-runtime MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...
com.datasqrl.flinkrunner:stdlib-json (>=0.9.0 <=0.10.1), com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4) +17 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (=2.2.0)
org.apache.flink:flink-table-runtime MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-runtime and may be impacted: - com.datasqrl.flinkrunner:stdlib-json =0.9.0, =0.9.0, =0.9.0, =0.9.0, =2.2.0-EXNESS-0.1...
org.apache.doris:flink-doris-connector-2.0 (>=26.0.0 <=26.1.1), org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-runtime MAVEN version =2.0.0, =26.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...
com.couchbase.client.flink-connector-couchbase_2.12:flink-connector-couchbase_2.12 (=0.5.0), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0-alpha1 <=0.9.0-alpha2) +29 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.1.0 <=2.1.1)
org.apache.flink:flink-table-api-java MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =0.2.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
CVE-2026-44719
Mathesar (Web app for PostgreSQL) fixed a privilege check vulnerability in versions 0.2.0–0.09.x. Endpoints such as collaborators.list, tables.metadata.list, explorations.list, and forms.list accepted a database_id without verifying that the requester was a collaborator, allowing an authenticated...
GHSA-44M2-CRH7-F4Q2 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL
Summary Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET /api/datasources/:datasourceId. Every authenticated...