All 7 CVE vulnerabilities found in vanna-ai/vanna, with AI-generated Chinese analysis, references, and POCs.
Vendor: vanna-ai
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7764 | SQL Injection in vanna-ai/vanna CWE-89 | 9.8 | - | 2025-03-20 |
| CVE-2024-8055 | Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna CWE-89 | 9.1 | - | 2025-03-20 |
| CVE-2024-6841 | CSRF in vanna-ai/vanna CWE-352 | 8.8 | - | 2025-03-20 |
| CVE-2024-8099 | Server-Side Request Forgery (SSRF) in vanna-ai/vanna CWE-918 | 9.1 | - | 2025-03-20 |
| CVE-2024-5753 | Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna CWE-89 | 9.1AI | CriticalAI | 2024-07-05 |
| CVE-2024-5827 | Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna CWE-89 | 9.8AI | CriticalAI | 2024-06-28 |
| CVE-2024-5826 | Remote Code Execution via Prompt Injection in vanna-ai/vanna CWE-94 | 9.8AI | CriticalAI | 2024-06-27 |
All 7 known CVE vulnerabilities affecting vanna-ai/vanna with full Chinese analysis, references, and POCs where available.