All 3 CVE vulnerabilities found in dbt-core, with AI-generated Chinese analysis, references, and POCs.
Vendor: dbt-labs

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39382 | dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output CWE-78 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2024-40637 | Implicit override for built-in materializations from installed packages in dbt-core CWE-74 | 4.2 | Medium | 2024-07-16 |
| CVE-2024-36105 | dbt allows Binding to an Unrestricted IP Address via socketsocket CWE-1327 | 5.3 | Medium | 2024-05-27 |