| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39382 | dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output | dbt-labs | dbt-core | - | - | 2026-04-07 19:56:15 | Deep Dive |
| CVE-2026-29790 | dbt-common: commonprefix() doesn't protect against path traversal | dbt-labs | dbt-common | Medium | - | 2026-03-06 20:37:42 | Deep Dive |
| CVE-2024-40637 | Implicit override for built-in materializations from installed packages in dbt-core | dbt-labs | dbt-core | Medium | 4.2 | 2024-07-16 22:56:36 | Deep Dive |
| CVE-2024-36105 | dbt allows Binding to an Unrestricted IP Address via socketsocket | dbt-labs | dbt-core | Medium | 5.3 | 2024-05-27 17:17:40 | Deep Dive |